CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
95.4%
The Mozilla Project reports:
ASN.1 DER decoding of lengths is too permissive, allowing
undetected smuggling of arbitrary data
MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10
logging input data to /tmp directory
MFSA-2014-89 Bad casting from the BasicThebesLayer to
BasicContainerLayer
MFSA-2014-88 Buffer overflow while parsing media content
MFSA-2014-87 Use-after-free during HTML5 parsing
MFSA-2014-86 CSP leaks redirect data via violation reports
MFSA-2014-85 XMLHttpRequest crashes with some input streams
MFSA-2014-84 XBL bindings accessible via improper CSS
declarations
MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0
/ rv:31.3)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | firefox | < 34.0,1 | UNKNOWN |
FreeBSD | any | noarch | firefox-esr | < 31.3.0,1 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox | < 34.0,1 | UNKNOWN |
FreeBSD | any | noarch | linux-seamonkey | < 2.31 | UNKNOWN |
FreeBSD | any | noarch | linux-thunderbird | < 31.3.0 | UNKNOWN |
FreeBSD | any | noarch | seamonkey | < 2.31 | UNKNOWN |
FreeBSD | any | noarch | thunderbird | < 31.3.0 | UNKNOWN |
FreeBSD | any | noarch | libxul | < 31.3.0 | UNKNOWN |
FreeBSD | any | noarch | nss | < 3.17.3 | UNKNOWN |
www.mozilla.org/security/advisories/
www.mozilla.org/security/advisories/mfsa2014-83
www.mozilla.org/security/advisories/mfsa2014-84
www.mozilla.org/security/advisories/mfsa2014-85
www.mozilla.org/security/advisories/mfsa2014-86
www.mozilla.org/security/advisories/mfsa2014-87
www.mozilla.org/security/advisories/mfsa2014-88
www.mozilla.org/security/advisories/mfsa2014-89
www.mozilla.org/security/advisories/mfsa2014-90