CVE-2014-1482

HIGH

Firefox < 27.0 - Out-of-bounds Write via Crafted Image Data

Title source: llm
STIX 2.1

Description

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.

References (33)

Core 33
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2119-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029721
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=943803
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029717
Broken Link, URL Repurposed x_refsource_confirm
https://8pecxstudios.com/?page_id=44080
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0132.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56922
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56787
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029720
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56858
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2858
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56763
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-2
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0133.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/102868
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56888
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56761
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90894
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-1
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56767
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56706
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65328

Scores

CVSS v3 8.8
EPSS 0.0274
EPSS Percentile 86.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (25)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.10
debian/debian_linux 7.0
fedoraproject/fedora 19
fedoraproject/fedora 20
mozilla/firefox < 27.0
mozilla/seamonkey < 2.24
mozilla/thunderbird < 24.3
opensuse/opensuse 11.4
... and 15 more
Published Feb 06, 2014
Tracked Since Feb 18, 2026