CVE-2014-1564

2014-09-0310:55:06

CWE-824

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.026

Percentile

90.4%

JSON

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.

Affected configurations

Nvd

Node

opensuseevergreenMatch11.4

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

mozillafirefoxRange≤31.1.0

mozillafirefoxMatch30.0

mozillafirefoxMatch31.0

mozillafirefox_esrMatch31.0

mozillathunderbirdMatch31.0

VendorProductVersionCPE
opensuseevergreen11.4cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
opensuseopensuse12.3cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox30.0cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
mozillafirefox31.0cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
mozillafirefox_esr31.0cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
mozillathunderbird31.0cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	evergreen	11.4	cpe:2.3:o:opensuse:evergreen:11.4:::::::*
opensuse	opensuse	12.3	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	30.0	cpe:2.3:a:mozilla:firefox:30.0:::::::*
mozilla	firefox	31.0	cpe:2.3:a:mozilla:firefox:31.0:::::::*
mozilla	firefox_esr	31.0	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*
mozilla	thunderbird	31.0	cpe:2.3:a:mozilla:thunderbird:31.0:::::::*