Lucene search

K

[email protected]NVD:CVE-2014-1592

HistoryDec 11, 2014 - 11:59 a.m.

CVE-2014-1592

2014-12-1111:59:06

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.063 Low

EPSS

Percentile

93.6%

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.

Affected configurations

NVD

Node

mozillafirefoxRange≤33.0

OR

mozillafirefox_esrRange≤31.2

OR

mozillaseamonkeyRange≤2.30

OR

mozillathunderbirdRange≤31.2

References

lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

www.debian.org/security/2014/dsa-3090

www.debian.org/security/2014/dsa-3092

www.mozilla.org/security/announce/2014/mfsa2014-87.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/71398

bugzilla.mozilla.org/show_bug.cgi?id=1088635

security.gentoo.org/glsa/201504-01

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.063 Low

EPSS

Percentile

93.6%

Related for NVD:CVE-2014-1592

mozilla1 openvas22 cvelist1 prion1 cve1 veracode1 ubuntucve1 oraclelinux2 redhat2 nessus28 debian2 centos2 ubuntu2 osv2 mageia2 suse3 freebsd1 archlinux1 securityvulns1 ibm1 gentoo1