CVE-2014-1590: Input Validation
First published: Thu Dec 11 2014(Updated: )
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <=33.0 | |
| Firefox ESR | <=31.2 | |
| Mozilla SeaMonkey | <=2.30 | |
| Thunderbird | <=31.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://www.debian.org/security/2014/dsa-3090
- http://www.debian.org/security/2014/dsa-3092
- http://www.mozilla.org/security/announce/2014/mfsa2014-85.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/71397
- https://bugzilla.mozilla.org/show_bug.cgi?id=1087633
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2014-1590?
CVE-2014-1590 has been classified as a moderate severity vulnerability.
How do I fix CVE-2014-1590?
To fix CVE-2014-1590, update your Mozilla Firefox, Firefox ESR, Thunderbird, or SeaMonkey to the latest version.
What systems are affected by CVE-2014-1590?
CVE-2014-1590 affects Mozilla Firefox versions prior to 34.0, Firefox ESR versions prior to 31.3, Thunderbird versions prior to 31.3, and SeaMonkey versions prior to 2.31.
What type of vulnerability is CVE-2014-1590?
CVE-2014-1590 is a denial of service vulnerability that can cause the application to crash.
Who can exploit CVE-2014-1590?
Remote attackers can exploit CVE-2014-1590 by sending a crafted JavaScript object.
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/firefox
- version/firefox/33.0
- canonical/firefox esr
- version/firefox esr/31.2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.30
- canonical/thunderbird
- version/thunderbird/31.2