CVE-2014-1528

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html

http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html

http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html

http://secunia.com/advisories/59866

http://www.mozilla.org/security/announce/2014/mfsa2014-41.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securitytracker.com/id/1030163

http://www.securitytracker.com/id/1030164

http://www.ubuntu.com/usn/USN-2185-1

https://bugzilla.mozilla.org/show_bug.cgi?id=963962

Details

Source: MITRE

Published: 2014-04-30

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
701244Mozilla Firefox ESR < 24.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
75352openSUSE Security Update : seamonkey (openSUSE-SU-2014:0629-1)NessusSuSE Local Security Checks
critical
75346openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:0599-1)NessusSuSE Local Security Checks
critical
8214SeaMonkey < 2.26 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
8213Mozilla Firefox < 29.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
73848Fedora 19 : firefox-29.0-5.fc19 / thunderbird-24.5.0-1.fc19 / xulrunner-29.0-1.fc19 (2014-5829)NessusFedora Local Security Checks
critical
73786Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : firefox vulnerabilities (USN-2185-1)NessusUbuntu Local Security Checks
critical
73779FreeBSD : mozilla -- multiple vulnerabilities (985d4d6c-cfbd-11e3-a003-b4b52fce4ce8)NessusFreeBSD Local Security Checks
critical
73771SeaMonkey < 2.26 Multiple VulnerabilitiesNessusWindows
critical
73769Firefox < 29.0 Multiple VulnerabilitiesNessusWindows
critical