CVE-2014-1486

CRITICAL

Firefox < 27.0 - Remote Code Execution via imgRequestProxy Use-After-Free

Title source: llm
STIX 2.1

Description

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

References (33)

Core 33
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2119-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029721
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=942164
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029717
Broken Link, URL Repurposed x_refsource_confirm
https://8pecxstudios.com/?page_id=44080
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0132.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56922
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56787
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029720
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56858
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2858
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56763
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-2
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0133.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/102872
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56888
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56761
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65334
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90890
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-1
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56767
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56706

Scores

CVSS v3 9.8
EPSS 0.1082
EPSS Percentile 93.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (21)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.10
debian/debian_linux 7.0
fedoraproject/fedora 19
fedoraproject/fedora 20
mozilla/firefox < 27.0
mozilla/seamonkey < 2.24
mozilla/thunderbird < 24.3
opensuse/opensuse 11.4
... and 11 more
Published Feb 06, 2014
Tracked Since Feb 18, 2026