CVE-2014-1523
MEDIUMMozilla Firefox < 29.0 - Out-of-Bounds Write
Title source: ruleDescription
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.
References (22)
... and 2 more
Scores
CVSS v3
6.5
EPSS
0.0054
EPSS Percentile
67.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Classification
CWE
CWE-787
Status
draft
Affected Products (26)
mozilla/firefox
< 29.0
mozilla/seamonkey
< 2.26
mozilla/thunderbird
< 24.5
fedoraproject/fedora
fedoraproject/fedora
debian/debian_linux
debian/debian_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
redhat/enterprise_linux_desktop
redhat/enterprise_linux_desktop
redhat/enterprise_linux_eus
redhat/enterprise_linux_server
... and 11 more
Timeline
Published
Apr 30, 2014
Tracked Since
Feb 18, 2026