CVE-2014-1593: Buffer Overflow
First published: Thu Dec 11 2014(Updated: )
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <=33.0 | |
| Firefox ESR | <=31.2 | |
| Mozilla SeaMonkey | <=2.30 | |
| Thunderbird | <=31.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://www.debian.org/security/2014/dsa-3090
- http://www.debian.org/security/2014/dsa-3092
- http://www.mozilla.org/security/announce/2014/mfsa2014-88.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/71395
- https://bugzilla.mozilla.org/show_bug.cgi?id=1085175
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2014-1593?
CVE-2014-1593 is considered a high-severity vulnerability due to the potential for remote code execution.
What software is affected by CVE-2014-1593?
CVE-2014-1593 affects Mozilla Firefox versions prior to 34.0, Firefox ESR versions before 31.3, Thunderbird versions before 31.3, and SeaMonkey versions before 2.31.
How do I fix CVE-2014-1593?
To fix CVE-2014-1593, update your affected software to the latest version provided by Mozilla.
Can CVE-2014-1593 be exploited remotely?
Yes, CVE-2014-1593 can be exploited remotely by attackers through crafted media content.
What type of vulnerability is CVE-2014-1593?
CVE-2014-1593 is a stack-based buffer overflow vulnerability.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/firefox
- version/firefox/33.0
- canonical/firefox esr
- version/firefox esr/31.2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.30
- canonical/thunderbird
- version/thunderbird/31.2