Description
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls.
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69521
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2014/mfsa2014-70.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030794
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60148
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61114
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1047831
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030793
Scores
EPSS
0.0080
EPSS Percentile
74.3%
Details
CWE
CWE-119
Status
published
Products (4)
mozilla/firefox
30.0
mozilla/firefox
31.0
mozilla/firefox
< 31.1.0
mozilla/thunderbird
31.0
Published
Sep 03, 2014
Tracked Since
Feb 18, 2026