8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.3%
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 13.10 | |
ubuntu_linux | eq | 12.10 | |
ubuntu_linux | eq | 12.04 | |
debian_linux | eq | 8.0 | |
debian_linux | eq | 7.0 | |
firefox | lt | 28.0 | |
firefox_esr | ge | 24.0 | |
firefox_esr | lt | 24.4 | |
seamonkey | lt | 2.25 | |
thunderbird | lt | 24.4 |
lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
rhn.redhat.com/errata/RHSA-2014-0310.html
rhn.redhat.com/errata/RHSA-2014-0316.html
www.debian.org/security/2014/dsa-2881
www.debian.org/security/2014/dsa-2911
www.mozilla.org/security/announce/2014/mfsa2014-17.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/66423
www.ubuntu.com/usn/USN-2151-1
bugzilla.mozilla.org/show_bug.cgi?id=966311
security.gentoo.org/glsa/201504-01
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.3%