CVE-2014-1581

Thunderbird 31.x < 31.2 - Remote Code Execution via DirectionalityUtils Use-After-Free

Title source: llm

Description

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

References (27)

Core 27

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/62021

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031028

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2373-1

Third Party Advisory x_refsource_confirm

https://advisories.mageia.org/MGASA-2014-0421.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201504-01

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1068218

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/61387

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2372-1

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/62022

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/70426

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031030

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/62023

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2014/mfsa2014-79.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-3050

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/61854

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-3061

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1635.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1647.html

Scores

EPSS 0.0231

EPSS Percentile 85.0%

Details

Status published

Products (6)

mozilla/firefox 31.0

mozilla/firefox 31.1.0

mozilla/firefox 30.0

mozilla/firefox < 32.0

mozilla/thunderbird 31.0

mozilla/thunderbird 31.1.0

Published Oct 15, 2014

Tracked Since Feb 18, 2026