CVE-2014-1598

Current Description

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.

Basic Data

Published: December 11, 2014
Last Modified: December 24, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
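    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Mozilla | Firefox | * | * | * | * | * | * | * | * | | 33.0 | | |
    | 2.3 | Application | Mozilla | Firefox Esr | * | * | * | * | * | * | * | * | | 31.2 | | |
    | 2.3 | Application | Mozilla | Seamonkey | * | * | * | * | * | * | * | * | | 2.30 | | |
    | 2.3 | Application | Mozilla | Thunderbird | * | * | * | * | * | * | * | * | | 31.2 | | |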

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | * |
| Mozilla | Thunderbird | * |
| Mozilla | Seamonkey | * |
| Mozilla | Firefox Esr | * |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| openSUSE-SU-2015:0138 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html | |
| openSUSE-SU-2015:1266 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html | |
| DSA-3090 | DEBIAN | http://www.debian.org/security/2014/dsa-3090 | |
| DSA-3092 | DEBIAN | http://www.debian.org/security/2014/dsa-3092 | |
| http://www.mozilla.org/security/announce/2014/mfsa2014-88.html | CONFIRM | http://www.mozilla.org/security/announce/2014/mfsa2014-88.html | Vendor Advisory |
| http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | CONFIRM | http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | |
| 71395 | BID | http://www.securityfocus.com/bid/71395 | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1085175 | CONFIRM | https://bugzilla.mozilla.org/show_bug.cgi?id=1085175 | |
| GLSA-201504-01 | GENTOO | https://security.gentoo.org/glsa/201504-01 | |