CVE-2014-1594
Mozilla Firefox <34.0, ESR 31.x<31.3, Thunderbird <31.3, SeaMonkey <2.31 - RCE via Type Confusion
Title source: llmDescription
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.
References (9)
Core 9
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71396
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1074280
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3090
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2014/mfsa2014-89.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3092
Scores
EPSS
0.0169
EPSS Percentile
82.5%
Details
CWE
CWE-20
Status
published
Products (3)
mozilla/firefox
< 31.2
mozilla/seamonkey
< 2.30
mozilla/thunderbird
< 31.2
Published
Dec 11, 2014
Tracked Since
Feb 18, 2026