Use-After-Free Vulnerability in Mozilla Firefox and Related Products
CVE-2014-1532

9.8CRITICAL

Key Information:

Vendor

Mozilla
Status
Thunderbird
Firefox
Firefox Esr
Seamonkey
Vendor
CVE Published:
30 April 2014

What is CVE-2014-1532?

This vulnerability is located in the nsHostResolver::ConditionallyRefreshRecord function within libxul.so, which affects various Mozilla products. It enables attackers to manipulate the way host resolutions are handled, leading to potential execution of arbitrary code or causing denial of service due to heap memory corruption. Users are urged to apply security updates to mitigate risks associated with this vulnerability.

References

http://rhn.redhat.com/errata/RHSA-2014-0448.html
vendor-advisoryx_refsource_REDHAT
http://www.mozilla.org/security/announce/2014/mfsa2014-46...
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.