CVE-2014-1562 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mozilla	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Vendor	Product	Version
mozilla	firefox	24.0
mozilla	firefox	24.1.0
mozilla	firefox	24.1.1
mozilla	firefox	31.0
mozilla	firefox_esr	24.0.1
mozilla	firefox_esr	24.0.2
mozilla	firefox_esr	24.2
mozilla	firefox_esr	24.3
mozilla	firefox_esr	24.4
mozilla	firefox_esr	24.5
mozilla	firefox_esr	24.6
mozilla	firefox_esr	24.7
mozilla	thunderbird	24.0
mozilla	thunderbird	24.0.1
mozilla	thunderbird	24.1
mozilla	thunderbird	24.1.1
mozilla	thunderbird	24.2
mozilla	thunderbird	24.3
mozilla	thunderbird	24.4
mozilla	thunderbird	24.5
mozilla	thunderbird	24.6
mozilla	thunderbird	24.7
mozilla	thunderbird	31.0
mozilla	firefox	𝑥 ≤ 31.1.0
mozilla	firefox	30.0
mozilla	firefox	31.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

trusty	Fixed 32.0+build1-0ubuntu0.14.04.1 released
precise	Fixed 32.0+build1-0ubuntu0.12.04.1 released
lucid	ignored

thunderbird

trusty	Fixed 1:31.1.0+build2-0ubuntu0.14.04.1 released
precise	Fixed 1:31.1.0+build2-0ubuntu0.12.04.1 released
lucid	ignored

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html

http://secunia.com/advisories/60148

http://secunia.com/advisories/60186

http://secunia.com/advisories/61114

http://secunia.com/advisories/61390

http://www.debian.org/security/2014/dsa-3018

http://www.debian.org/security/2014/dsa-3028

http://www.mozilla.org/security/announce/2014/mfsa2014-67.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/69519

http://www.securitytracker.com/id/1030793

http://www.securitytracker.com/id/1030794

https://bugzilla.mozilla.org/show_bug.cgi?id=1054359

https://security.gentoo.org/glsa/201504-01

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html

http://secunia.com/advisories/60148

http://secunia.com/advisories/60186

http://secunia.com/advisories/61114

http://secunia.com/advisories/61390

http://www.debian.org/security/2014/dsa-3018

http://www.debian.org/security/2014/dsa-3028

http://www.mozilla.org/security/announce/2014/mfsa2014-67.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/69519

http://www.securitytracker.com/id/1030793

http://www.securitytracker.com/id/1030794

https://bugzilla.mozilla.org/show_bug.cgi?id=1054359

https://security.gentoo.org/glsa/201504-01