CVE-2014-1522

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html

http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html

http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html

http://secunia.com/advisories/59866

http://www.mozilla.org/security/announce/2014/mfsa2014-36.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securitytracker.com/id/1030163

http://www.securitytracker.com/id/1030164

http://www.ubuntu.com/usn/USN-2185-1

https://bugzilla.mozilla.org/show_bug.cgi?id=995289

https://security.gentoo.org/glsa/201504-01

Details

Source: MITRE

Published: 2014-04-30

Updated: 2020-08-14

Type: CWE-125

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
701244Mozilla Firefox ESR < 24.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
82632GLSA-201504-01 : Mozilla Products: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
75352openSUSE Security Update : seamonkey (openSUSE-SU-2014:0629-1)NessusSuSE Local Security Checks
critical
75346openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:0599-1)NessusSuSE Local Security Checks
critical
8214SeaMonkey < 2.26 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
8213Mozilla Firefox < 29.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
73848Fedora 19 : firefox-29.0-5.fc19 / thunderbird-24.5.0-1.fc19 / xulrunner-29.0-1.fc19 (2014-5829)NessusFedora Local Security Checks
critical
73786Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : firefox vulnerabilities (USN-2185-1)NessusUbuntu Local Security Checks
critical
73779FreeBSD : mozilla -- multiple vulnerabilities (985d4d6c-cfbd-11e3-a003-b4b52fce4ce8)NessusFreeBSD Local Security Checks
critical
73771SeaMonkey < 2.26 Multiple VulnerabilitiesNessusWindows
critical
73769Firefox < 29.0 Multiple VulnerabilitiesNessusWindows
critical
73766Firefox < 29.0 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical