CVE-2014-1532

HIGH

Description

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

ID	Name	Product	Family	Severity
701244	Mozilla Firefox ESR < 24.5 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
83624	SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2014:0727-1)	Nessus	SuSE Local Security Checks	critical
83622	SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2014:0665-2)	Nessus	SuSE Local Security Checks	critical
83621	SUSE SLES11 Security Update : Mozilla Firefox (SUSE-SU-2014:0665-1)	Nessus	SuSE Local Security Checks	critical
82632	GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
75357	openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0640-1)	Nessus	SuSE Local Security Checks	critical
75352	openSUSE Security Update : seamonkey (openSUSE-SU-2014:0629-1)	Nessus	SuSE Local Security Checks	critical
75346	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:0599-1)	Nessus	SuSE Local Security Checks	critical
74006	SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9185)	Nessus	SuSE Local Security Checks	critical
73869	Debian DSA-2924-1 : icedove - security update	Nessus	Debian Local Security Checks	critical
8215	Mozilla Thunderbird < 24.5 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
8214	SeaMonkey < 2.26 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
8213	Mozilla Firefox < 29.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
73848	Fedora 19 : firefox-29.0-5.fc19 / thunderbird-24.5.0-1.fc19 / xulrunner-29.0-1.fc19 (2014-5829)	Nessus	Fedora Local Security Checks	critical
73844	Debian DSA-2918-1 : iceweasel - security update	Nessus	Debian Local Security Checks	critical
73819	Fedora 20 : firefox-29.0-5.fc20 / thunderbird-24.5.0-1.fc20 / xulrunner-29.0-1.fc20 (2014-5833)	Nessus	Fedora Local Security Checks	critical
73803	Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : thunderbird vulnerabilities (USN-2189-1)	Nessus	Ubuntu Local Security Checks	critical
73798	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20140429)	Nessus	Scientific Linux Local Security Checks	critical
73797	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20140429)	Nessus	Scientific Linux Local Security Checks	critical
73795	Oracle Linux 6 : thunderbird (ELSA-2014-0449)	Nessus	Oracle Linux Local Security Checks	critical
73794	Oracle Linux 5 / 6 : firefox (ELSA-2014-0448)	Nessus	Oracle Linux Local Security Checks	critical
73791	CentOS 5 / 6 : thunderbird (CESA-2014:0449)	Nessus	CentOS Local Security Checks	critical
73790	CentOS 5 / 6 : firefox (CESA-2014:0448)	Nessus	CentOS Local Security Checks	critical
73786	Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : firefox vulnerabilities (USN-2185-1)	Nessus	Ubuntu Local Security Checks	critical
73782	RHEL 5 / 6 : thunderbird (RHSA-2014:0449)	Nessus	Red Hat Local Security Checks	critical
73781	RHEL 5 / 6 : firefox (RHSA-2014:0448)	Nessus	Red Hat Local Security Checks	critical
73779	FreeBSD : mozilla -- multiple vulnerabilities (985d4d6c-cfbd-11e3-a003-b4b52fce4ce8)	Nessus	FreeBSD Local Security Checks	critical
73771	SeaMonkey < 2.26 Multiple Vulnerabilities	Nessus	Windows	critical
73770	Mozilla Thunderbird < 24.5 Multiple Vulnerabilities	Nessus	Windows	critical
73769	Firefox < 29.0 Multiple Vulnerabilities	Nessus	Windows	critical
73768	Firefox ESR 24.x < 24.5 Multiple Vulnerabilities	Nessus	Windows	critical
73767	Thunderbird < 24.5 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
73766	Firefox < 29.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
73765	Firefox ESR 24.x < 24.5 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical

CVE-2014-1532

Description

References

Details

Risk Information

CVSS v2.0