CVE-2014-1563

high

Description

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.

References

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html

http://secunia.com/advisories/60148

http://secunia.com/advisories/61114

http://www.mozilla.org/security/announce/2014/mfsa2014-68.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/69523

http://www.securitytracker.com/id/1030793

http://www.securitytracker.com/id/1030794

https://bugzilla.mozilla.org/show_bug.cgi?id=1018524

https://security.gentoo.org/glsa/201504-01

Details

Source: MITRE

Published: 2014-09-03

Updated: 2018-10-30

Type: CWE-416

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 701247 | Mozilla Firefox ESR < 24.8 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 82632 | GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 77664 | Ubuntu 12.04 LTS / 14.04 LTS : thunderbird vulnerabilities (USN-2330-1) | Nessus | Ubuntu Local Security Checks | critical |
| 77619 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1098-1) | Nessus | SuSE Local Security Checks | critical |
| 77618 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1099-1) | Nessus | SuSE Local Security Checks | critical |
| 77502 | Mozilla Thunderbird < 31.1 Multiple Vulnerabilities | Nessus | Windows | critical |
| 77500 | Firefox < 32.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 77499 | Firefox ESR 31.x < 31.1 Multiple Vulnerabilities | Nessus | Windows | critical |
| 77497 | Mozilla Thunderbird < 31.1 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 77495 | Firefox < 32.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 77494 | Firefox ESR 31.x < 31.1 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 77486 | Ubuntu 12.04 LTS / 14.04 LTS : firefox vulnerabilities (USN-2329-1) | Nessus | Ubuntu Local Security Checks | critical |
| 8361 | Mozilla Firefox < 32.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |