CVE-2014-1477

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
< 27.0
mozillafirefox
24.0 ≤
𝑥
< 24.3
mozillaseamonkey
𝑥
< 2.24
mozillathunderbird
𝑥
< 24.3
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.10
debiandebian_linux
7.0
redhatenterprise_linux_desktop
5.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_eus
6.5
redhatenterprise_linux_server
5.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server_aus
6.5
redhatenterprise_linux_server_eus
6.5
redhatenterprise_linux_server_tus
6.5
redhatenterprise_linux_workstation
5.0
redhatenterprise_linux_workstation
6.0
susesuse_linux_enterprise_software_development_kit
11.0:sp3
opensuseopensuse
11.4
opensuseopensuse
12.3
opensuseopensuse
13.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
lucid
ignored
precise
Fixed 27.0+build1-0ubuntu0.12.04.1
released
quantal
Fixed 27.0+build1-0ubuntu0.12.10.1
released
saucy
Fixed 27.0+build1-0ubuntu0.13.10.1
released
thunderbird
lucid
ignored
precise
Fixed 1:24.3.0+build2-0ubuntu0.12.04.1
released
quantal
Fixed 1:24.3.0+build2-0ubuntu0.12.10.1
released
saucy
Fixed 1:24.3.0+build2-0ubuntu0.13.10.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
MozillaFirefox
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 12 SP5
68.1.0-109.92.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 12 SP5
68.1.0-109.92.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-devel
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-common
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 12 SP5
68.1.0-109.92.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 12 SP5
68.1.0-109.92.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-other
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaThunderbird
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise desktop 15 SP1
60.6.1-3.28.1
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise sap 15 SP1
60.6.1-3.28.1
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise server 15 SP1
60.6.1-3.28.1
fixed
suse enterprise workstation 15
52.8-1.2
fixed
suse enterprise workstation 15 SP1
60.6.1-3.28.1
fixed
MozillaThunderbird-devel
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise workstation 15
52.8-1.2
fixed
MozillaThunderbird-translations-common
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise desktop 15 SP1
60.6.1-3.28.1
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise sap 15 SP1
60.6.1-3.28.1
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise server 15 SP1
60.6.1-3.28.1
fixed
suse enterprise workstation 15
52.8-1.2
fixed
suse enterprise workstation 15 SP1
60.6.1-3.28.1
fixed
MozillaThunderbird-translations-other
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise desktop 15 SP1
60.6.1-3.28.1
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise sap 15 SP1
60.6.1-3.28.1
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise server 15 SP1
60.6.1-3.28.1
fixed
suse enterprise workstation 15
52.8-1.2
fixed
suse enterprise workstation 15 SP1
60.6.1-3.28.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
firefox
RHEL 6
0:24.3.0-2.el6_5
fixed
thunderbird
RHEL 6
0:24.3.0-2.el6_5
fixed
References
http://download.novell.com/Download?buildid=VYQsgaFpQ2k
http://download.novell.com/Download?buildid=Y2fux-JW1Qc
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://osvdb.org/102864
http://rhn.redhat.com/errata/RHSA-2014-0132.html
http://rhn.redhat.com/errata/RHSA-2014-0133.html
http://secunia.com/advisories/56706
http://secunia.com/advisories/56761
http://secunia.com/advisories/56763
http://secunia.com/advisories/56767
http://secunia.com/advisories/56787
http://secunia.com/advisories/56858
http://secunia.com/advisories/56888
http://www.debian.org/security/2014/dsa-2858
http://www.mozilla.org/security/announce/2014/mfsa2014-01.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/65317
http://www.securitytracker.com/id/1029717
http://www.securitytracker.com/id/1029720
http://www.securitytracker.com/id/1029721
http://www.ubuntu.com/usn/USN-2102-1
http://www.ubuntu.com/usn/USN-2102-2
http://www.ubuntu.com/usn/USN-2119-1
https://8pecxstudios.com/?page_id=44080
https://bugzilla.mozilla.org/show_bug.cgi?id=921470
https://bugzilla.mozilla.org/show_bug.cgi?id=925896
https://bugzilla.mozilla.org/show_bug.cgi?id=936808
https://bugzilla.mozilla.org/show_bug.cgi?id=937132
https://bugzilla.mozilla.org/show_bug.cgi?id=937697
https://bugzilla.mozilla.org/show_bug.cgi?id=945334
https://bugzilla.mozilla.org/show_bug.cgi?id=945939
https://bugzilla.mozilla.org/show_bug.cgi?id=950000
https://bugzilla.mozilla.org/show_bug.cgi?id=950438
https://bugzilla.mozilla.org/show_bug.cgi?id=951366
https://bugzilla.mozilla.org/show_bug.cgi?id=953114
https://exchange.xforce.ibmcloud.com/vulnerabilities/90899
https://security.gentoo.org/glsa/201504-01
http://download.novell.com/Download?buildid=VYQsgaFpQ2k
http://download.novell.com/Download?buildid=Y2fux-JW1Qc
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://osvdb.org/102864
http://rhn.redhat.com/errata/RHSA-2014-0132.html
http://rhn.redhat.com/errata/RHSA-2014-0133.html
http://secunia.com/advisories/56706
http://secunia.com/advisories/56761
http://secunia.com/advisories/56763
http://secunia.com/advisories/56767
http://secunia.com/advisories/56787
http://secunia.com/advisories/56858
http://secunia.com/advisories/56888
http://www.debian.org/security/2014/dsa-2858
http://www.mozilla.org/security/announce/2014/mfsa2014-01.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/65317
http://www.securitytracker.com/id/1029717
http://www.securitytracker.com/id/1029720
http://www.securitytracker.com/id/1029721
http://www.ubuntu.com/usn/USN-2102-1
http://www.ubuntu.com/usn/USN-2102-2
http://www.ubuntu.com/usn/USN-2119-1
https://8pecxstudios.com/?page_id=44080
https://bugzilla.mozilla.org/show_bug.cgi?id=921470
https://bugzilla.mozilla.org/show_bug.cgi?id=925896
https://bugzilla.mozilla.org/show_bug.cgi?id=936808
https://bugzilla.mozilla.org/show_bug.cgi?id=937132
https://bugzilla.mozilla.org/show_bug.cgi?id=937697
https://bugzilla.mozilla.org/show_bug.cgi?id=945334
https://bugzilla.mozilla.org/show_bug.cgi?id=945939
https://bugzilla.mozilla.org/show_bug.cgi?id=950000
https://bugzilla.mozilla.org/show_bug.cgi?id=950438
https://bugzilla.mozilla.org/show_bug.cgi?id=951366
https://bugzilla.mozilla.org/show_bug.cgi?id=953114
https://exchange.xforce.ibmcloud.com/vulnerabilities/90899
https://security.gentoo.org/glsa/201504-01