CVE-2014-1563

Opensuse Evergreen < 31.1.0 - Use After Free

Title source: rule
STIX 2.1

Description

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.

References (13)

Core 13
Core References
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030794
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69523
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1018524
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60148
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61114
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030793

Scores

EPSS 0.0144
EPSS Percentile 81.0%

Details

CWE
CWE-416
Status published
Products (8)
mozilla/firefox 30.0
mozilla/firefox 31.0
mozilla/firefox < 31.1.0
mozilla/thunderbird 31.0
opensuse/evergreen 11.4
opensuse/opensuse 12.3
opensuse/opensuse 13.1
oracle/solaris 11.3
Published Sep 03, 2014
Tracked Since Feb 18, 2026