Lucene search

K

PRIOn knowledge basePRION:CVE-2014-1524

HistoryApr 30, 2014 - 10:49 a.m.

Buffer overflow

2014-04-3010:49:00

PRIOn knowledge base

www.prio-n.com

5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.1%

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.

CPENameOperatorVersion
ubuntu_linuxeq13.10
ubuntu_linuxeq12.10
ubuntu_linuxeq12.04
ubuntu_linuxeq14.04
debian_linuxeq8.0
debian_linuxeq7.0
fedoraeq20
fedoraeq19
firefoxlt29.0
firefox_esrge24.0

Rows per page:

1-10 of 281

References

lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html

lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html

lists.opensuse.org/opensuse-updates/2014-05/msg00010.html

lists.opensuse.org/opensuse-updates/2014-05/msg00013.html

lists.opensuse.org/opensuse-updates/2014-05/msg00033.html

lists.opensuse.org/opensuse-updates/2014-05/msg00040.html

rhn.redhat.com/errata/RHSA-2014-0448.html

rhn.redhat.com/errata/RHSA-2014-0449.html

secunia.com/advisories/59866

www.debian.org/security/2014/dsa-2918

www.debian.org/security/2014/dsa-2924

www.mozilla.org/security/announce/2014/mfsa2014-38.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/67131

www.securitytracker.com/id/1030163

www.securitytracker.com/id/1030164

www.securitytracker.com/id/1030165

www.ubuntu.com/usn/USN-2185-1

www.ubuntu.com/usn/USN-2189-1

bugzilla.mozilla.org/show_bug.cgi?id=989183

lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html

lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html

security.gentoo.org/glsa/201504-01

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.1%

Related for PRION:CVE-2014-1524

ubuntucve1 mozilla1 cve1 openvas43 nessus34 oraclelinux2 redhat2 osv2 veracode5 mageia2 centos2 debian2 ubuntu2 suse6 ibm2 securityvulns1 freebsd1 gentoo1