CVE-2014-1551

EUVD-2014-1627
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 30.0
mozillafirefox
24.0
mozillafirefox
24.0.1
mozillafirefox
24.0.2
mozillafirefox
24.1.0
mozillafirefox
24.1.1
mozillafirefox_esr
24.2
mozillafirefox_esr
24.3
mozillafirefox_esr
24.4
mozillafirefox_esr
24.5
mozillafirefox_esr
24.6
mozillathunderbird
𝑥
≤ 24.6
mozillathunderbird
24.0
mozillathunderbird
24.0.1
mozillathunderbird
24.1
mozillathunderbird
24.1.1
mozillathunderbird
24.2
mozillathunderbird
24.3
mozillathunderbird
24.4
mozillathunderbird
24.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
lucid
ignored
precise
not-affected
trusty
dne
thunderbird
lucid
ignored
precise
not-affected
trusty
dne
References
http://secunia.com/advisories/59760
http://www.mozilla.org/security/announce/2014/mfsa2014-59.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1030619
http://www.securitytracker.com/id/1030620
https://bugzilla.mozilla.org/show_bug.cgi?id=1018234
https://security.gentoo.org/glsa/201504-01
http://secunia.com/advisories/59760
http://www.mozilla.org/security/announce/2014/mfsa2014-59.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1030619
http://www.securitytracker.com/id/1030620
https://bugzilla.mozilla.org/show_bug.cgi?id=1018234
https://security.gentoo.org/glsa/201504-01