Lucene search

K

PRIOn knowledge basePRION:CVE-2014-1581

HistoryOct 15, 2014 - 10:55 a.m.

Design/Logic Flaw

2014-10-1510:55:00

PRIOn knowledge base

www.prio-n.com

4

8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.14 Low

EPSS

Percentile

95.5%

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

CPENameOperatorVersion
firefoxle32.0
firefoxeq31.0
firefoxeq30.0
firefoxeq31.1.0
firefox_esreq31.1.0
firefox_esreq31.0
thunderbirdeq31.0
thunderbirdeq31.1.0

References

lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-updates/2014-11/msg00000.html

lists.opensuse.org/opensuse-updates/2014-11/msg00001.html

lists.opensuse.org/opensuse-updates/2014-11/msg00002.html

lists.opensuse.org/opensuse-updates/2014-11/msg00003.html

rhn.redhat.com/errata/RHSA-2014-1635.html

rhn.redhat.com/errata/RHSA-2014-1647.html

secunia.com/advisories/61387

secunia.com/advisories/61854

secunia.com/advisories/62021

secunia.com/advisories/62022

secunia.com/advisories/62023

www.debian.org/security/2014/dsa-3050

www.debian.org/security/2014/dsa-3061

www.mozilla.org/security/announce/2014/mfsa2014-79.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/70426

www.securitytracker.com/id/1031028

www.securitytracker.com/id/1031030

www.ubuntu.com/usn/USN-2372-1

www.ubuntu.com/usn/USN-2373-1

advisories.mageia.org/MGASA-2014-0421.html

bugzilla.mozilla.org/show_bug.cgi?id=1068218

lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html

lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html

security.gentoo.org/glsa/201504-01

8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.14 Low

EPSS

Percentile

95.5%

Related for PRION:CVE-2014-1581

ubuntucve1 mozilla1 zdi1 openvas31 cve1 redhat2 nessus36 oraclelinux2 centos2 veracode5 osv2 mageia2 ubuntu2 debian5 suse6 freebsd1 securityvulns1 ibm1 gentoo1