Miscellaneous memory safety hazards (rv:31.0 / rv:24.7) — Mozilla

2014-07-2200:00:00

Mozilla Foundation

www.mozilla.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.264

Percentile

96.8%

JSON

Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Affected configurations

Vulners

Node

mozillafirefoxRange<31

mozillafirefox_esrRange<24.7

mozillathunderbirdRange<24.7

mozillathunderbirdRange<31

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox_esr*cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox_esr	*	cpe:2.3:a:mozilla:firefox_esr::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548

bugzilla.mozilla.org/buglist.cgi?bug_id=1012694,1019684,985070,1024765

bugzilla.mozilla.org/buglist.cgi?bug_id=990096,1013056,1034383,1035438,1002702,1020041,1020008,1009675,1021312,1020219,994444,1022773,1028358,1021969,1021240