Remote Code Execution Vulnerability in Mozilla Products
CVE-2014-1594

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox Esr; Firefox; Seamonkey; Thunderbird
Vendor: CVE Published:; 11 December 2014

What is CVE-2014-1594?

An improper cast vulnerability in Mozilla's rendering engine could enable remote attackers to execute arbitrary code on affected systems. This flaw arises from an incorrect type conversion within the BasicThebesLayer to BasicContainerLayer process, potentially allowing an attacker to craft malicious web content that exploits this weakness. Users of outdated versions of Mozilla Firefox, Thunderbird, and SeaMonkey are particularly at risk, as their applications may inadvertently permit execution of harmful actions upon viewing compromised content.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

http://www.securityfocus.com/bid/71396

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Jan 16, 2014