Lucene search

MozillaCVE-2014-1567

HistorySep 03, 2014 - 10:55 a.m.

CVE-2014-1567

2014-09-0310:55:06

mozilla

web.nvd.nist.gov

cve-2014-1567

mozilla firefox

use-after-free vulnerability

directionalityutils.cpp

nvd

security vulnerability

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.6

Confidence

High

EPSS

0.12

Percentile

95.5%

JSON

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

Affected configurations

Nvd

Node

mozillafirefoxRange≤31.1.0

mozillafirefoxMatch30.0

mozillafirefoxMatch31.0

Node

mozillafirefox_esrMatch24.0

mozillafirefox_esrMatch24.0.1

mozillafirefox_esrMatch24.0.2

mozillafirefox_esrMatch24.1.0

mozillafirefox_esrMatch24.1.1

mozillafirefox_esrMatch24.2

mozillafirefox_esrMatch24.3

mozillafirefox_esrMatch24.4

mozillafirefox_esrMatch24.5

mozillafirefox_esrMatch24.6

mozillafirefox_esrMatch24.7

mozillafirefox_esrMatch31.0

Node

mozillathunderbirdMatch24.0

mozillathunderbirdMatch24.0.1

mozillathunderbirdMatch24.1

mozillathunderbirdMatch24.1.1

mozillathunderbirdMatch24.2

mozillathunderbirdMatch24.3

mozillathunderbirdMatch24.4

mozillathunderbirdMatch24.5

mozillathunderbirdMatch24.6

mozillathunderbirdMatch24.7

mozillathunderbirdMatch31.0

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox30.0cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
mozillafirefox31.0cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
mozillafirefox_esr24.0cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*
mozillafirefox_esr24.0.1cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*
mozillafirefox_esr24.0.2cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*
mozillafirefox_esr24.1.0cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*
mozillafirefox_esr24.1.1cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*
mozillafirefox_esr24.2cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*
mozillafirefox_esr24.3cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	30.0	cpe:2.3:a:mozilla:firefox:30.0:::::::*
mozilla	firefox	31.0	cpe:2.3:a:mozilla:firefox:31.0:::::::*
mozilla	firefox_esr	24.0	cpe:2.3:a:mozilla:firefox_esr:24.0:::::::*
mozilla	firefox_esr	24.0.1	cpe:2.3:a:mozilla:firefox_esr:24.0.1:::::::*
mozilla	firefox_esr	24.0.2	cpe:2.3:a:mozilla:firefox_esr:24.0.2:::::::*
mozilla	firefox_esr	24.1.0	cpe:2.3:a:mozilla:firefox_esr:24.1.0:::::::*
mozilla	firefox_esr	24.1.1	cpe:2.3:a:mozilla:firefox_esr:24.1.1:::::::*
mozilla	firefox_esr	24.2	cpe:2.3:a:mozilla:firefox_esr:24.2:::::::*
mozilla	firefox_esr	24.3	cpe:2.3:a:mozilla:firefox_esr:24.3:::::::*