Lucene search
Mozilla FoundationMFSA2015-02HistoryJan 13, 2015 - 12:00 a.m.
Uninitialized memory use during bitmap rendering — Mozilla
2015-01-1300:00:00
Mozilla Foundation
www.mozilla.org
26
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.004
Percentile
74.8%
Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.
Affected configurations
Node
mozillafirefoxRange<35
ORmozillaseamonkeyRange<2.32
Related
ubuntucve
ubuntucve
CVE-2014-8637
2015-01-14 00:00:00
prion
prion
Information disclosure
2015-01-14 11:59:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-02) - Linux
2021-11-11 00:00:00
SUSE: Security Advisory for Mozilla (SUSE-SU-2015:0173-1)
2015-10-16 00:00:00
SUSE: Security Advisory for Mozilla (SUSE-SU-2015:0180-1)
2015-10-13 00:00:00
cvelist
cvelist
CVE-2014-8637
2015-01-14 11:00:00
cve
cve
CVE-2014-8637
2015-01-14 11:59:06
nvd
nvd
CVE-2014-8637
2015-01-14 11:59:06
nessus
nessus
SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:0171-1)
2015-05-20 00:00:00
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10225)
2015-02-02 00:00:00
SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2015:0173-1)
2015-05-20 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2015-01-29 07:04:56
Security update for Mozilla Firefox (important)
2015-01-31 01:09:23
Security update for Mozilla Firefox (important)
2015-01-29 07:06:36
mageia
mageia
Updated iceape package fixes security vulnerabilities
2015-01-19 19:47:36
ubuntu
ubuntu
Firefox vulnerabilities
2015-01-14 00:00:00
Firefox regression
2015-01-27 00:00:00
Ubufox update
2015-01-14 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-01-14 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-01-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-01-13 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.004
Percentile
74.8%
Related for MFSA2015-02