Multiple vulnerabilities in Mozilla products leading to potential application crashes or code execution
CVE-2014-1518

8.8HIGH

Key Information:

Vendor
Mozilla
Status
Thunderbird
Firefox
Firefox Esr
Seamonkey
Vendor
CVE Published:
30 April 2014

Summary

Mozilla Firefox, Thunderbird, and SeaMonkey are vulnerable to multiple unspecified issues in the browser engine, affecting versions released prior to 29.0 for Firefox, 24.5 for Firefox ESR and Thunderbird, and 2.26 for SeaMonkey. These vulnerabilities could enable attackers to exploit memory corruption scenarios, potentially leading to application crashes or unauthorized execution of arbitrary code through still unidentified vectors.

References

http://rhn.redhat.com/errata/RHSA-2014-0448.html
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/67123
vdb-entryx_refsource_BID
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.