CVE-2014-1509 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mozilla	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Vendor	Product	Version
mozilla	firefox	𝑥 < 28.0
mozilla	firefox_esr	24.0 ≤ 𝑥 < 24.4
mozilla	seamonkey	𝑥 < 2.25
mozilla	thunderbird	𝑥 < 24.4
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_eus	6.5
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_aus	6.5
redhat	enterprise_linux_server_eus	6.5
redhat	enterprise_linux_server_tus	6.5
redhat	enterprise_linux_workstation	5.0
redhat	enterprise_linux_workstation	6.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	12.10
canonical	ubuntu_linux	13.10
suse	suse_linux_enterprise_software_development_kit	11.0:sp3
opensuse	opensuse	11.4
opensuse	opensuse	12.3
opensuse	opensuse	13.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

saucy	Fixed 28.0+build2-0ubuntu0.13.10.1 released
quantal	Fixed 28.0+build2-0ubuntu0.12.10.1 released
precise	Fixed 28.0+build2-0ubuntu0.12.04.1 released
lucid	ignored

thunderbird

saucy	Fixed 1:24.4.0+build1-0ubuntu0.13.10.2 released
quantal	Fixed 1:24.4.0+build1-0ubuntu0.12.10.1 released
precise	Fixed 1:24.4.0+build1-0ubuntu0.12.04.1 released
lucid	ignored

Known Exploits!

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

http://rhn.redhat.com/errata/RHSA-2014-0310.html

http://rhn.redhat.com/errata/RHSA-2014-0316.html

http://www.mozilla.org/security/announce/2014/mfsa2014-27.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/66425

http://www.ubuntu.com/usn/USN-2151-1

https://bugzilla.mozilla.org/show_bug.cgi?id=966021

https://security.gentoo.org/glsa/201504-01

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

http://rhn.redhat.com/errata/RHSA-2014-0310.html

http://rhn.redhat.com/errata/RHSA-2014-0316.html

http://www.mozilla.org/security/announce/2014/mfsa2014-27.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/66425

http://www.ubuntu.com/usn/USN-2151-1

https://bugzilla.mozilla.org/show_bug.cgi?id=966021

https://security.gentoo.org/glsa/201504-01