(Pwn2Own) Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability
2014-04-11T00:00:00
ID ZDI-14-083 Type zdi Reporter VUPEN Modified 2014-11-09T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of TypeObjects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.
{"title": "(Pwn2Own) Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability", "viewCount": 1, "modified": "2014-11-09T00:00:00", "objectVersion": "1.2", "type": "zdi", "bulletinFamily": "info", "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-083", "history": [{"differentElements": ["modified"], "lastseen": "2016-09-04T11:33:44", "bulletin": {"viewCount": 1, "title": "(Pwn2Own) Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability", "href": "http://www.zerodayinitiative.com/advisories/ZDI-14-083", "objectVersion": "1.2", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "modified": "2014-09-04T00:00:00", "history": [], "reporter": "VUPEN", "references": ["http://www.mozilla.org/security/announce/2014/mfsa2014-30.html "], "published": "2014-04-11T00:00:00", "id": "ZDI-14-083", "lastseen": "2016-09-04T11:33:44", "edition": 1, "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "fc6e45afd36d718d9fb6578ece896067", "key": "reporter"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "42935e01683474613f718d57632acc77", "key": "cvelist"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "c9e20feb85166f2a9f5b1c0382db2800", "key": "description"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "61db6fefa0967c107fcf2c4a59abc464", "key": "title"}, {"hash": "0ba4266b98eb8a4604966cf701ff5ee8", "key": "references"}, {"hash": "30f5f67501daecd2b53981aa723dc255", "key": "href"}, {"hash": "9a10e9ed12ba0880a3e4c132dbded84d", "key": "modified"}], "cvelist": ["CVE-2014-1512"], "hash": "6767fc6e3bd394339a40f80a808611f60701604495e086a636f50a7dc7068dcc", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of TypeObjects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process."}, "edition": 1}], "reporter": "VUPEN", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "references": ["http://www.mozilla.org/security/announce/2014/mfsa2014-30.html "], "lastseen": "2016-11-09T00:18:10", "cvelist": ["CVE-2014-1512"], "edition": 2, "hashmap": [{"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "42935e01683474613f718d57632acc77", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "c9e20feb85166f2a9f5b1c0382db2800", "key": "description"}, {"hash": "30f5f67501daecd2b53981aa723dc255", "key": "href"}, {"hash": "0e8f4f13c11de32dac689cf2a0ab4284", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "0ba4266b98eb8a4604966cf701ff5ee8", "key": "references"}, {"hash": "fc6e45afd36d718d9fb6578ece896067", "key": "reporter"}, {"hash": "61db6fefa0967c107fcf2c4a59abc464", "key": "title"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}], "id": "ZDI-14-083", "hash": "078360728f9506143fdc9df6ed7a01788f8b6a9f849d7789cadf9fbd7de8dffe", "published": "2014-04-11T00:00:00", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of TypeObjects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "enchantments": {"vulnersScore": 8.3}}
{"result": {"cve": [{"id": "CVE-2014-1512", "type": "cve", "title": "CVE-2014-1512", "description": "Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.", "published": "2014-03-19T06:55:06", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1512", "cvelist": ["CVE-2014-1512"], "lastseen": "2017-12-16T11:24:40"}], "mozilla": [{"id": "MFSA2014-30", "type": "mozilla", "title": "Use-after-free in TypeObject", "description": "Security research firm VUPEN, via TippingPoint's Pwn2Own\ncontest, reported that memory pressure during Garbage Collection could lead to\nmemory corruption of TypeObjects in the JS engine, resulting in an exploitable\nuse-after-free condition.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.", "published": "2014-03-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2014-30/", "cvelist": ["CVE-2014-1512"], "lastseen": "2016-09-05T13:37:51"}], "openvas": [{"id": "OPENVAS:1361412562310702911", "type": "openvas", "title": "Debian Security Advisory DSA 2911-1 (icedove - security update)", "description": "Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, out of bound reads, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or denial of service.", "published": "2014-04-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702911", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2018-04-06T11:10:53"}, {"id": "OPENVAS:1361412562310702881", "type": "openvas", "title": "Debian Security Advisory DSA 2881-1 (iceweasel - security update)", "description": "Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, out of\nbound reads, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, information disclosure, denial of\nservice.", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702881", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2018-04-06T11:11:25"}, {"id": "OPENVAS:702881", "type": "openvas", "title": "Debian Security Advisory DSA 2881-1 (iceweasel - security update)", "description": "Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, out of\nbound reads, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, information disclosure, denial of\nservice.", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702881", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-08-02T10:48:54"}, {"id": "OPENVAS:702911", "type": "openvas", "title": "Debian Security Advisory DSA 2911-1 (icedove - security update)", "description": "Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, out of bound reads, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or denial of service.", "published": "2014-04-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702911", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-08-03T10:48:41"}, {"id": "OPENVAS:1361412562310881902", "type": "openvas", "title": "CentOS Update for firefox CESA-2014:0310 centos6 ", "description": "Check for the Version of firefox", "published": "2014-03-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881902", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2018-04-09T11:11:54"}, {"id": "OPENVAS:1361412562310804524", "type": "openvas", "title": "Mozilla Firefox ESR Multiple Vulnerabilities-01 Mar14 (Windows)", "description": "This host is installed with Mozilla Firefox ESR and is prone to multiple\nvulnerabilities.", "published": "2014-03-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804524", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "lastseen": "2017-07-31T10:49:02"}, {"id": "OPENVAS:881907", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2014:0316 centos6 ", "description": "Check for the Version of thunderbird", "published": "2014-03-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881907", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-07-25T10:48:22"}, {"id": "OPENVAS:841761", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-2151-1", "description": "Check for the Version of thunderbird", "published": "2014-03-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841761", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-12-04T11:17:14"}, {"id": "OPENVAS:1361412562310881901", "type": "openvas", "title": "CentOS Update for firefox CESA-2014:0310 centos5 ", "description": "Check for the Version of firefox", "published": "2014-03-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881901", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2018-04-09T11:12:30"}, {"id": "OPENVAS:871141", "type": "openvas", "title": "RedHat Update for firefox RHSA-2014:0310-01", "description": "Check for the Version of firefox", "published": "2014-03-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=871141", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-07-27T10:48:40"}], "debian": [{"id": "DSA-2911", "type": "debian", "title": "icedove -- security update", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 24.4.0-1~deb7u1. This updates Icedove to the Extended Support Release (ESR) branch 24. An updated and compatible version of Enigmail is included with this update.\n\nFor the testing distribution (jessie), these problems have been fixed in version 24.4.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 24.4.0-1.\n\nWe recommend that you upgrade your icedove packages.", "published": "2014-04-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2911", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-11-11T14:51:31"}, {"id": "DSA-2881", "type": "debian", "title": "iceweasel -- security update", "description": "Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure, denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 24.4.0esr-1~deb7u2.\n\nFor the unstable distribution (sid), these problems have been fixed in version 24.4.0esr-1.\n\nWe recommend that you upgrade your iceweasel packages.", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2881", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2016-09-02T18:23:23"}], "nessus": [{"id": "DEBIAN_DSA-2911.NASL", "type": "nessus", "title": "Debian DSA-2911-1 : icedove - security update", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.", "published": "2014-04-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73657", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-10-29T13:38:13"}, {"id": "DEBIAN_DSA-2881.NASL", "type": "nessus", "title": "Debian DSA-2881-1 : iceweasel - security update", "description": "Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure, denial of service.", "published": "2014-03-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73106", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-10-29T13:41:44"}, {"id": "UBUNTU_USN-2151-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)", "description": "Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1493)\n\nAtte Kettunen discovered an out-of-bounds read during WAV file decoding. If a user had enabled audio, an attacker could potentially exploit this to cause a denial of service via application crash.\n(CVE-2014-1497)\n\nRobert O'Callahan discovered a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1505)\n\nTyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read during polygon rendering in MathML. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1508)\n\nJohn Thomson discovered a memory corruption bug in the Cairo graphics library. If a user had a malicious extension installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1509)\n\nMariusz Mlynski discovered that web content could open a chrome privileged page and bypass the popup blocker in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1510, CVE-2014-1511)\n\nIt was discovered that memory pressure during garbage collection resulted in memory corruption in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1512)\n\nJuri Aedla discovered out-of-bounds reads and writes with TypedArrayObject in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1513)\n\nGeorge Hotz discovered an out-of-bounds write with TypedArrayObject.\nIf a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird.\n(CVE-2014-1514).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-03-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73148", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-10-29T13:37:03"}, {"id": "MACOSX_THUNDERBIRD_24_4.NASL", "type": "nessus", "title": "Thunderbird < 24.4 Multiple Vulnerabilities (Mac OS X)", "description": "The installed version of Thunderbird is a version prior to version 24.4. It is, therefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73097", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "lastseen": "2017-10-29T13:43:31"}, {"id": "SL_20140318_FIREFOX_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64", "description": "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1509)\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "published": "2014-03-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73114", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-10-29T13:36:05"}, {"id": "MOZILLA_THUNDERBIRD_24_4.NASL", "type": "nessus", "title": "Mozilla Thunderbird < 24.4 Multiple Vulnerabilities", "description": "The installed version of Thunderbird is a version prior to 24.4 and is, therefore, potentially affected the following vulnerabilities:\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)\n\n - An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73100", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "lastseen": "2017-10-29T13:33:01"}, {"id": "MACOSX_FIREFOX_24_4_ESR.NASL", "type": "nessus", "title": "Firefox ESR 24.x < 24.4 Multiple Vulnerabilities (Mac OS X)", "description": "The installed version of Firefox ESR 24.x is prior to 24.4 and is, therefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)\n\n - A flaw exists in the checkHandshake() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2014-1495) \n - An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73095", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1495", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "lastseen": "2017-10-29T13:43:43"}, {"id": "ORACLELINUX_ELSA-2014-0310.NASL", "type": "nessus", "title": "Oracle Linux 5 / 6 : firefox (ELSA-2014-0310)", "description": "From Red Hat Security Advisory 2014:0310 :\n\nUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski, Juri Aedla, George Hotz, and the security research firm VUPEN as the original reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 24.4.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73088", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-12-28T23:01:47"}, {"id": "REDHAT-RHSA-2014-0316.NASL", "type": "nessus", "title": "RHEL 5 / 6 : thunderbird (RHSA-2014:0316)", "description": "An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Thunderbird to crash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski, Juri Aedla, George Hotz, and the security research firm VUPEN as the original reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.4.0. You can find a link to the Mozilla advisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.4.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes to take effect.", "published": "2014-03-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73113", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-12-28T23:07:51"}, {"id": "MOZILLA_FIREFOX_24_4_ESR.NASL", "type": "nessus", "title": "Firefox ESR 24.x < 24.4 Multiple Vulnerabilities", "description": "The installed version of Firefox ESR 24.x is a version prior to 24.4.\nIt is, therefore, potentially affected by the following vulnerabilities :\n\n - Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)\n\n - A flaw exists in the checkHandshake() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2014-1495)\n\n - An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)\n\n - An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.\n (CVE-2014-1497)\n\n - An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)\n\n - A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.\n (CVE-2014-1509)\n\n - An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.\n (CVE-2014-1505)\n\n - An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution.\n (CVE-2014-1510)\n\n - An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)\n\n - A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.\n (CVE-2014-1512)\n\n - An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.\n (CVE-2014-1513)\n\n - An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73098", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1495", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496"], "lastseen": "2017-10-29T13:44:12"}], "redhat": [{"id": "RHSA-2014:0310", "type": "redhat", "title": "(RHSA-2014:0310) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,\nCVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF\nfiles. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Firefox or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.4.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2014-03-18T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0310", "cvelist": ["CVE-2014-1493", "CVE-2014-1497", "CVE-2014-1505", "CVE-2014-1508", "CVE-2014-1509", "CVE-2014-1510", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1513", "CVE-2014-1514"], "lastseen": "2017-09-09T07:20:26"}, {"id": "RHSA-2014:0316", "type": "redhat", "title": "(RHSA-2014:0316) Important: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Thunderbird to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered certain\nPDF files. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.4.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.4.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n", "published": "2014-03-19T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0316", "cvelist": ["CVE-2014-1493", "CVE-2014-1497", "CVE-2014-1505", "CVE-2014-1508", "CVE-2014-1509", "CVE-2014-1510", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1513", "CVE-2014-1514"], "lastseen": "2017-09-09T07:20:11"}], "centos": [{"id": "CESA-2014:0310", "type": "centos", "title": "firefox security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0310\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Firefox\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,\nCVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Firefox rendered certain PDF\nfiles. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Firefox or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 24.4.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020213.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020217.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0310.html", "published": "2014-03-19T00:08:42", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-March/020213.html", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-10-03T18:24:56"}, {"id": "CESA-2014:0316", "type": "centos", "title": "thunderbird security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0316\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,\nCVE-2014-1513, CVE-2014-1514)\n\nSeveral information disclosure flaws were found in the way Thunderbird\nprocessed malformed web content. An attacker could use these flaws to gain\naccess to sensitive information such as cross-domain content or protected\nmemory addresses or, potentially, cause Thunderbird to crash.\n(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)\n\nA memory corruption flaw was found in the way Thunderbird rendered certain\nPDF files. An attacker able to trick a user into installing a malicious\nextension could use this flaw to crash Thunderbird or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2014-1509)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\nJesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,\nJesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,\nJuri Aedla, George Hotz, and the security research firm VUPEN as the\noriginal reporters of these issues.\n\nNote: All of the above issues cannot be exploited by a specially-crafted\nHTML mail message as JavaScript is disabled by default for mail messages.\nThey could be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 24.4.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 24.4.0, which corrects these issues.\nAfter installing the update, Thunderbird must be restarted for the changes\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020218.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020219.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0316.html", "published": "2014-03-19T21:09:48", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-March/020218.html", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2017-10-03T18:26:31"}], "oraclelinux": [{"id": "ELSA-2014-0310", "type": "oraclelinux", "title": "firefox security update", "description": "[24.4.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n- Build with nspr-devel >= 4.10.0 to fix build failure\n[24.4.0-1]\n- Update to 24.4.0 ESR\n[24.3.0-4]\n- Fixed rhbz#1070467 - Enable Add Ons by default in Firefox\n[24.3.0-3]\n- Fixed rhbz#1054832 - Firefox does not support Camellia cipher", "published": "2014-03-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0310.html", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2016-09-04T11:16:40"}, {"id": "ELSA-2014-0316", "type": "oraclelinux", "title": "thunderbird security update", "description": "[24.4.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[24.4.0-1]\n- Update to 24.4.0", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0316.html", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2016-09-04T11:17:00"}], "ubuntu": [{"id": "USN-2151-1", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "description": "Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1493)\n\nAtte Kettunen discovered an out-of-bounds read during WAV file decoding. If a user had enabled audio, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1497)\n\nRobert O\u2019Callahan discovered a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1505)\n\nTyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read during polygon rendering in MathML. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1508)\n\nJohn Thomson discovered a memory corruption bug in the Cairo graphics library. If a user had a malicious extension installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1509)\n\nMariusz Mlynski discovered that web content could open a chrome privileged page and bypass the popup blocker in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1510, CVE-2014-1511)\n\nIt was discovered that memory pressure during garbage collection resulted in memory corruption in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1512)\n\nJ\u00fcri Aedla discovered out-of-bounds reads and writes with TypedArrayObject in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1513)\n\nGeorge Hotz discovered an out-of-bounds write with TypedArrayObject. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1514)", "published": "2014-03-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2151-1/", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1508", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1497", "CVE-2014-1493"], "lastseen": "2018-03-29T18:19:41"}, {"id": "USN-2150-1", "type": "ubuntu", "title": "Firefox vulnerabilities", "description": "Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1493, CVE-2014-1494)\n\nAtte Kettunen discovered an out-of-bounds read during WAV file decoding. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1497)\n\nDavid Keeler discovered that crypto.generateCRFMRequest did not correctly validate all arguments. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1498)\n\nEhsan Akhgari discovered that the WebRTC permission dialog can display the wrong originating site information under some circumstances. An attacker could potentially exploit this by tricking a user in order to gain access to their webcam or microphone. (CVE-2014-1499)\n\nTim Philipp Sch\u00e4fers and Sebastian Neef discovered that onbeforeunload events used with page navigations could make the browser unresponsive in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2014-1500)\n\nJeff Gilbert discovered that WebGL content could manipulate content from another sites WebGL context. An attacker could potentially exploit this to conduct spoofing attacks. (CVE-2014-1502)\n\nNicolas Golubovic discovered that CSP could be bypassed for data: documents during session restore. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2014-1504)\n\nRobert O\u2019Callahan discovered a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. An attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1505)\n\nTyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read during polygon rendering in MathML. An attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1508)\n\nJohn Thomson discovered a memory corruption bug in the Cairo graphics library. If a user had a malicious extension installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1509)\n\nMariusz Mlynski discovered that web content could open a chrome privileged page and bypass the popup blocker in some circumstances. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1510, CVE-2014-1511)\n\nIt was discovered that memory pressure during garbage collection resulted in memory corruption in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1512)\n\nJ\u00fcri Aedla discovered out-of-bounds reads and writes with TypedArrayObject in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1513)\n\nGeorge Hotz discovered an out-of-bounds write with TypedArrayObject. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1514)", "published": "2014-03-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2150-1/", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1499"], "lastseen": "2018-03-29T18:19:11"}], "suse": [{"id": "SUSE-SU-2014:0418-1", "type": "suse", "title": "Security update for MozillaFirefox (important)", "description": "Mozilla Firefox was updated to 24.4.0ESR release, fixing\n various security issues and bugs:\n\n *\n\n MFSA 2014-15: Mozilla developers and community\n identified identified and fixed several memory safety bugs\n in the browser engine used in Firefox and other\n Mozilla-based products. Some of these bugs showed evidence\n of memory corruption under certain circumstances, and we\n presume that with enough effort at least some of these\n could be exploited to run arbitrary code.\n\n *\n\n Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,\n Jesse Ruderman, Dan Gohman, and Christoph Diehl reported\n memory safety problems and crashes that affect Firefox ESR\n 24.3 and Firefox 27. (CVE-2014-1493)\n\n *\n\n Gregor Wagner, Olli Pettay, Gary Kwong, Jesse\n Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato\n reported memory safety problems and crashes that affect\n Firefox 27. (CVE-2014-1494)\n\n *\n\n MFSA 2014-16 / CVE-2014-1496: Security researcher Ash\n reported an issue where the extracted files for updates to\n existing files are not read only during the update process.\n This allows for the potential replacement or modification\n of these files during the update process if a malicious\n application is present on the local system.\n\n *\n\n MFSA 2014-17 / CVE-2014-1497: Security researcher\n Atte Kettunen from OUSPG reported an out of bounds read\n during the decoding of WAV format audio files for playback.\n This could allow web content access to heap data as well as\n causing a crash.\n\n *\n\n MFSA 2014-18 / CVE-2014-1498: Mozilla developer David\n Keeler reported that the crypto.generateCRFMRequest method\n did not correctly validate the key type of the KeyParams\n argument when generating ec-dual-use requests. This could\n lead to a crash and a denial of service (DOS) attack.\n\n *\n\n MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan\n Akhgari reported a spoofing attack where the permission\n prompt for a WebRTC session can appear to be from a\n different site than its actual originating site if a timed\n navigation occurs during the prompt generation. This allows\n an attacker to potentially gain access to the webcam or\n microphone by masquerading as another site and gaining user\n permission through spoofing.\n\n *\n\n MFSA 2014-20 / CVE-2014-1500: Security researchers\n Tim Philipp Schaefers and Sebastian Neef, the team of\n Internetwache.org, reported a mechanism using JavaScript\n onbeforeunload events with page navigation to prevent users\n from closing a malicious page's tab and causing the browser\n to become unresponsive. This allows for a denial of service\n (DOS) attack due to resource consumption and blocks the\n ability of users to exit the application.\n\n *\n\n MFSA 2014-21 / CVE-2014-1501: Security researcher\n Alex Infuehr reported that on Firefox for Android it is\n possible to open links to local files from web content by\n selecting "Open Link in New Tab" from the context menu\n using the file: protocol. The web content would have to\n know the precise location of a malicious local file in\n order to exploit this issue. This issue does not affect\n Firefox on non-Android systems.\n\n *\n\n MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff\n Gilbert discovered a mechanism where a malicious site with\n WebGL content could inject content from its context to that\n of another site's WebGL context, causing the second site to\n replace textures and similar content. This cannot be used\n to steal data but could be used to render arbitrary content\n in these limited circumstances.\n\n *\n\n MFSA 2014-23 / CVE-2014-1504: Security researcher\n Nicolas Golubovic reported that the Content Security Policy\n (CSP) of data: documents was not saved as part of session\n restore. If an attacker convinced a victim to open a\n document from a data: URL injected onto a page, this can\n lead to a Cross-Site Scripting (XSS) attack. The target\n page may have a strict CSP that protects against this XSS\n attack, but if the attacker induces a browser crash with\n another bug, an XSS attack would occur during session\n restoration, bypassing the CSP on the site.\n\n *\n\n MFSA 2014-26 / CVE-2014-1508: Security researcher\n Tyson Smith and Jesse Schwartzentruber of the BlackBerry\n Security Automated Analysis Team used the Address Sanitizer\n tool while fuzzing to discover an out-of-bounds read during\n polygon rendering in MathML. This can allow web content to\n potentially read protected memory addresses. In combination\n with previous techniques used for SVG timing attacks, this\n could allow for text values to be read across domains,\n leading to information disclosure.\n\n *\n\n MFSA 2014-27 / CVE-2014-1509: Security researcher\n John Thomson discovered a memory corruption in the Cairo\n graphics library during font rendering of a PDF file for\n display. This memory corruption leads to a potentially\n exploitable crash and to a denial of service (DOS). This\n issues is not able to be triggered in a default\n configuration and would require a malicious extension to be\n installed.\n\n *\n\n MFSA 2014-28 / CVE-2014-1505: Mozilla developer\n Robert O'Callahan reported a mechanism for timing attacks\n involving SVG filters and displacements input to\n feDisplacementMap. This allows displacements to potentially\n be correlated with values derived from content. This is\n similar to the previously reported techniques used for SVG\n timing attacks and could allow for text values to be read\n across domains, leading to information disclosure.\n\n *\n\n MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511:\n Security researcher Mariusz Mlynski, via TippingPoint's\n Pwn2Own contest, reported that it is possible for untrusted\n web content to load a chrome-privileged page by getting\n JavaScript-implemented WebIDL to call window.open(). A\n second bug allowed the bypassing of the popup-blocker\n without user interaction. Combined these two bugs allow an\n attacker to load a JavaScript URL that is executed with the\n full privileges of the browser, which allows arbitrary code\n execution.\n\n *\n\n MFSA 2014-30 / CVE-2014-1512: Security research firm\n VUPEN, via TippingPoint's Pwn2Own contest, reported that\n memory pressure during Garbage Collection could lead to\n memory corruption of TypeObjects in the JS engine,\n resulting in an exploitable use-after-free condition.\n\n *\n\n MFSA 2014-31 / CVE-2014-1513: Security researcher\n Jueri Aedla, via TippingPoint's Pwn2Own contest, reported\n that TypedArrayObject does not handle the case where\n ArrayBuffer objects are neutered, setting their length to\n zero while still in use. This leads to out-of-bounds reads\n and writes into the JavaScript heap, allowing for arbitrary\n code execution.\n\n *\n\n MFSA 2014-32 / CVE-2014-1514: Security researcher\n George Hotz, via TippingPoint's Pwn2Own contest, discovered\n an issue where values are copied from an array into a\n second, neutered array. This allows for an out-of-bounds\n write into memory, causing an exploitable crash leading to\n arbitrary code execution.\n\n", "published": "2014-03-21T23:04:18", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1496", "CVE-2014-1499"], "lastseen": "2016-09-04T11:57:23"}, {"id": "OPENSUSE-SU-2014:0584-1", "type": "suse", "title": "MozillaThunderbird,seamonkey (important)", "description": "Mozilla Thunderbird was updated to 24.4.0. Mozilla\n SeaMonkey was updated to 2.25.\n\n * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous\n memory safety hazards\n * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds\n read during WAV file decoding\n * MFSA 2014-18/CVE-2014-1498 (bmo#935618)\n crypto.generateCRMFRequest does not validate type of key\n * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack\n on WebRTC permission prompt\n * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload\n and Javascript navigation DOS\n * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content\n injection from one domain to rendering in another\n * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content\n Security Policy for data: documents not preserved by\n session restore\n * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information\n disclosure through polygon rendering in MathML\n * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory\n corruption in Cairo during PDF font rendering\n * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters\n information disclosure through feDisplacementMap\n * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906,\n bmo#982909) Privilege escalation using\n WebIDL-implemented APIs\n * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free\n in TypeObject\n * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds\n read/write through neutering ArrayBuffer objects\n * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds\n write through TypedArrayObject after neutering\n\n", "published": "2014-04-30T09:04:15", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1499"], "lastseen": "2016-09-04T11:29:31"}, {"id": "OPENSUSE-SU-2014:0448-1", "type": "suse", "title": "MozillaFirefox: Update to version 28.0 (important)", "description": "Mozilla Firefox was updated to version 28.0, receiving\n enhancements, bug and security fixes. Mozilla NSPR was\n updated to 4.10.4 receiving enhancements, bug and security\n fixes. Mozilla NSS was updated to 3.15.5 receiving\n enhancements, bug and security fixes.\n\n Changes in MozillaFirefox:\n - update to Firefox 28.0 (bnc#868603)\n * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous\n memory safety hazards\n * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds\n read during WAV file decoding\n * MFSA 2014-18/CVE-2014-1498 (bmo#935618)\n crypto.generateCRMFRequest does not validate type of key\n * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack\n on WebRTC permission prompt\n * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload\n and Javascript navigation DOS\n * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content\n injection from one domain to rendering in another\n * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content\n Security Policy for data: documents not preserved by\n session restore\n * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information\n disclosure through polygon rendering in MathML\n * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory\n corruption in Cairo during PDF font rendering\n * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters\n information disclosure through feDisplacementMap\n * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906,\n bmo#982909) Privilege escalation using\n WebIDL-implemented APIs\n * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free\n in TypeObject\n * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds\n read/write through neutering ArrayBuffer objects\n * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds\n write through TypedArrayObject after neutering\n - requires NSPR 4.10.3 and NSS 3.15.5\n - new build dependency (and recommends):\n * libpulse\n * JS math correctness issue (bmo#941381)\n\n Changes in mozilla-nspr:\n - update to version 4.10.4\n * bmo#767759: Add support for new x32 abi\n * bmo#844784: Thread data race in PR_EnterMonitor\n * bmo#939786: data race\n nsprpub/pr/src/pthreads/ptthread.c:137 _pt_root\n * bmo#958796: Users of _beginthreadex that set a custom\n stack size may not be getting the behavior they want\n * bmo#963033: AArch64 support update for NSPR\n * bmo#969061: Incorrect end-of-list test when iterating\n over a PRCList in prcountr.c and prtrace.c\n * bmo#971152: IPv6 detection on linux depends on\n availability of /proc/net/if_inet6\n\n - update to version 4.10.3\n * bmo#749849: ensure we'll free the thread-specific data\n key.\n * bmo#941461: don't compile android with unaligned memory\n access.\n * bmo#932398: Add PR_SyncMemMap, a portable version of\n msync/FlushViewOfFile.\n * bmo#952621: Fix a thread-unsafe access to lock->owner\n in PR_Lock.\n * bmo#957458: Fix several bugs in the lock rank checking\n code.\n * bmo#936320: Use an alternative test for IPv6 support on\n Linux to avoid opening a socket.\n\n Changes in mozilla-nss:\n - update to 3.15.5\n * required for Firefox 28\n * export FREEBL_LOWHASH to get the correct default\n headers (bnc#865539) New functionality\n * Added support for the TLS application layer protocol\n negotiation (ALPN) extension. Two SSL socket options,\n SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to\n control whether NPN or ALPN (or both) should be used\n for application layer protocol negotiation.\n * Added the TLS padding extension. The extension type\n value is 35655, which may change when an official\n extension type value is assigned by IANA. NSS\n automatically adds the padding extension to ClientHello\n when necessary.\n * Added a new macro CERT_LIST_TAIL, defined in certt.h,\n for getting the tail of a CERTCertList. Notable Changes\n * bmo#950129: Improve the OCSP fetching policy when\n verifying OCSP responses\n * bmo#949060: Validate the iov input argument (an array\n of PRIOVec structures) of ssl_WriteV (called via\n PR_Writev). Applications should still take care when\n converting struct iov to PRIOVec because the iov_len\n members of the two structures have different types\n (size_t vs. int). size_t is unsigned and may be larger\n than int.\n\n", "published": "2014-03-26T17:04:14", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1499"], "lastseen": "2016-09-04T11:18:43"}, {"id": "OPENSUSE-SU-2014:0419-1", "type": "suse", "title": "Mozilla updates 2014/03 (important)", "description": "This patch contains a collection of security relevant\n updates for Mozilla applications.\n\n Update Firefox to 24.4.0 (bnc#868603) Update Thunderbird to\n 24.4.0 Update NSPR to 4.10.4 Update NSS to 3.15.5\n\n * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous\n memory safety hazards\n * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds\n read during WAV file decoding\n * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information\n disclosure through polygon rendering in MathML\n * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory\n corruption in Cairo during PDF font rendering\n * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters\n information disclosure through feDisplacementMap\n * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906,\n bmo#982909) Privilege escalation using\n WebIDL-implemented APIs\n * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free\n in TypeObject\n * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds\n read/write through neutering ArrayBuffer objects\n * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds\n write through TypedArrayObject after neutering\n\n", "published": "2014-03-21T23:04:31", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1481", "CVE-2014-1487", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1486", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1477", "CVE-2014-1482", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1490", "CVE-2014-1498", "CVE-2014-1480", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1478", "CVE-2014-1485", "CVE-2014-1493", "CVE-2014-1488", "CVE-2014-1491", "CVE-2014-1483", "CVE-2014-1499"], "lastseen": "2016-09-04T11:46:06"}, {"id": "OPENSUSE-SU-2014:1100-1", "type": "suse", "title": "Firefox update to 31.1esr (important)", "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "published": "2014-09-09T18:04:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "lastseen": "2016-09-04T12:21:58"}], "freebsd": [{"id": "610DE647-AF8D-11E3-A25B-B4B52FCE4CE8", "type": "freebsd", "title": "mozilla -- multiple vulnerabilities", "description": "\nThe Mozilla Project reports:\n\nMFSA 2014-15 Miscellaneous memory safety hazards\n\t (rv:28.0 / rv:24.4)\nMFSA 2014-16 Files extracted during updates are not always\n\t read only\nMFSA 2014-17 Out of bounds read during WAV file decoding\nMFSA 2014-18 crypto.generateCRMFRequest does not validate\n\t type of key\nMFSA 2014-19 Spoofing attack on WebRTC permission prompt\nMFSA 2014-20 onbeforeunload and Javascript navigation DOS\nMFSA 2014-21 Local file access via Open Link in new tab\nMFSA 2014-22 WebGL content injection from one domain to\n\t rendering in another\nMFSA 2014-23 Content Security Policy for data: documents\n\t not preserved by session restore\nMFSA 2014-24 Android Crash Reporter open to manipulation\nMFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable\n\t to relative path escape\nMFSA 2014-26 Information disclosure through polygon\n\t rendering in MathML\nMFSA 2014-27 Memory corruption in Cairo during PDF font\n\t rendering\nMFSA 2014-28 SVG filters information disclosure through\n\t feDisplacementMap\nMFSA 2014-29 Privilege escalation using WebIDL-implemented\n\t APIs\nMFSA 2014-30 Use-after-free in TypeObject\nMFSA 2014-31 Out-of-bounds read/write through neutering\n\t ArrayBuffer objects\nMFSA 2014-32 Out-of-bounds write through TypedArrayObject\n\t after neutering\n\n", "published": "2014-03-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html", "cvelist": ["CVE-2014-1505", "CVE-2014-1513", "CVE-2014-1510", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1504", "CVE-2014-1511", "CVE-2014-1507", "CVE-2014-1512", "CVE-2014-1514", "CVE-2014-1498", "CVE-2014-1501", "CVE-2014-1500", "CVE-2014-1497", "CVE-2014-1493", "CVE-2014-1506", "CVE-2014-1496", "CVE-2014-1499"], "lastseen": "2016-09-26T17:24:25"}], "gentoo": [{"id": "GLSA-201504-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "published": "2015-04-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201504-01", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "lastseen": "2016-09-06T19:46:40"}]}}
