IBMCC3E705F8E829CEC60F9EADDF12A9691247B3AF85557BF01AB12AB9EC49AAADESecurity Bulletin: Vulnerabilities in Firefox affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance (CVE-2014-1562, CVE-2014-1567)
EPSS
Percentile
95.5%
Summary
Vulnerabilities in Firefox affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance (CVE-2014-1562, CVE-2014-1567).
Vulnerability Details
CVEID: CVE-2014-1562**
DESCRIPTION:** Mozilla Firefox and Thunderbird might allow a remote attacker to execute arbitrary code on the system, which is caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker might exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/95654>_ for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-1567**
DESCRIPTION:** Mozilla Firefox and Thunderbird might allow a remote attacker to execute arbitrary code on the system, which is caused by a use-after-free during text layout. By persuading a victim to visit a specially crafted Web site, a remote attacker might exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95661> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected Products and Versions
SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance
Remediation/Fixes
The recommended solution is download SmartCloud Provisioning 2.1 Fix Pack 5 for IBM Provided Software Virtual Appliance Interim Fix 2 from Fix Central and apply it as soon as practical.
Workarounds and Mitigations
None
Related
EPSS
Percentile
95.5%