CVE-2014-1564

Mozilla Firefox <32 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1564. PoCs published by Michal Zalewski.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Mozilla Firefox and Thunderbird by rendering multiple instances of an image and comparing their data URLs to detect inconsistencies. The PoC checks for variations in rendered images, indicating potential memory corruption or rendering issues.

Description

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michal Zalewski · javascriptremotemultiple

https://www.exploit-db.com/exploits/39295

View Code ZIP pw:eip

This exploit demonstrates an information disclosure vulnerability in Mozilla Firefox and Thunderbird by rendering multiple instances of an image and comparing their data URLs to detect inconsistencies. The PoC checks for variations in rendered images, indicating potential memory corruption or rendering issues.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Mozilla Firefox < 32, Firefox ESR < 31.1, Thunderbird < 31.1

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (16)

Core 16

Core References

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/533357/100/0/threaded

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Sep/18

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201504-01

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030794

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69525

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2014/mfsa2014-69.html

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60148

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/61114

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1045977

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030793

Scores

EPSS 0.0546

EPSS Percentile 91.7%

Details

CWE

CWE-824

Status published

Products (7)

mozilla/firefox 30.0

mozilla/firefox 31.0

mozilla/firefox < 31.1.0

mozilla/thunderbird 31.0

opensuse/evergreen 11.4

opensuse/opensuse 12.3

opensuse/opensuse 13.1

Published Sep 03, 2014

Tracked Since Feb 18, 2026