CVE-2014-1594: Input Validation
First published: Thu Dec 11 2014(Updated: )
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=33.0 | |
| Mozilla Firefox ESR | <=31.2 | |
| Mozilla SeaMonkey | <=2.30 | |
| Mozilla Thunderbird | <=31.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://www.debian.org/security/2014/dsa-3090
- http://www.debian.org/security/2014/dsa-3092
- http://www.mozilla.org/security/announce/2014/mfsa2014-89.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/71396
- https://bugzilla.mozilla.org/show_bug.cgi?id=1074280
- https://security.gentoo.org/glsa/201504-01
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/33.0
- canonical/mozilla firefox esr
- version/mozilla firefox esr/31.2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.30
- canonical/mozilla thunderbird
- version/mozilla thunderbird/31.2