CVE-2014-1587: Input Validation
First published: Thu Dec 11 2014(Updated: )
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <=33.0 | |
| Firefox ESR | <=31.2 | |
| Mozilla SeaMonkey | <=2.30 | |
| Thunderbird | <=31.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://www.debian.org/security/2014/dsa-3090
- http://www.debian.org/security/2014/dsa-3092
- http://www.mozilla.org/security/announce/2014/mfsa2014-83.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/71391
- https://bugzilla.mozilla.org/show_bug.cgi?id=1042567
- https://bugzilla.mozilla.org/show_bug.cgi?id=1072847
- https://bugzilla.mozilla.org/show_bug.cgi?id=1079729
- https://bugzilla.mozilla.org/show_bug.cgi?id=1080312
- https://bugzilla.mozilla.org/show_bug.cgi?id=1089207
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2014-1587?
CVE-2014-1587 is considered a critical vulnerability due to its potential to cause denial of service and execute arbitrary code.
How do I fix CVE-2014-1587?
To mitigate CVE-2014-1587, users should update their affected Mozilla Firefox, Firefox ESR, Thunderbird, or SeaMonkey to the latest versions.
Which software versions are affected by CVE-2014-1587?
CVE-2014-1587 affects Mozilla Firefox versions prior to 34.0, Firefox ESR versions prior to 31.3, Thunderbird versions prior to 31.3, and SeaMonkey versions prior to 2.31.
What type of attacks can CVE-2014-1587 enable?
CVE-2014-1587 can allow remote attackers to crash the application or potentially execute arbitrary code on the victim's system.
Is CVE-2014-1587 still a risk if my software is updated?
If your software has been updated to versions beyond those specified in CVE-2014-1587, the risk associated with this vulnerability should be mitigated.
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/firefox
- version/firefox/33.0
- canonical/firefox esr
- version/firefox esr/31.2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.30
- canonical/thunderbird
- version/thunderbird/31.2