Lucene search

Mozilla FoundationMFSA2014-01

HistoryFeb 04, 2014 - 12:00 a.m.

Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) — Mozilla

2014-02-0400:00:00

Mozilla Foundation

www.mozilla.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.013 Low

EPSS

Percentile

85.7%

JSON

Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Affected configurations

Vulners

Node

mozillafirefoxRange<27

mozillafirefox_esrRange<24.3

mozillaseamonkeyRange<2.24

mozillathunderbirdRange<24.3

CPENameOperatorVersion
firefoxlt27
firefox esrlt24.3
seamonkeylt2.24
thunderbirdlt24.3

Name	Operator	Version
firefox	lt	27
firefox esr	lt	24.3
seamonkey	lt	2.24
thunderbird	lt	24.3

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1478

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1495

bugzilla.mozilla.org/buglist.cgi?bug_id=921470,937697,951366,953114,945939,950000,950438,925896,937132,936808,945334

bugzilla.mozilla.org/buglist.cgi?bug_id=944321,911707,938431,944278,922603,925308,950452,939472,944851,924348,932162,942940,945585,946733,953373,867597,911845,916635

bugzilla.mozilla.org/show_bug.cgi?id=942152