CVE-2014-1594: Input Validation
First published: Thu Dec 11 2014(Updated: )
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=33.0 | |
| Mozilla Firefox ESR | <=31.2 | |
| Mozilla SeaMonkey | <=2.30 | |
| Mozilla Thunderbird | <=31.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://www.debian.org/security/2014/dsa-3090
- http://www.debian.org/security/2014/dsa-3092
- http://www.mozilla.org/security/announce/2014/mfsa2014-89.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/71396
- https://bugzilla.mozilla.org/show_bug.cgi?id=1074280
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2014-1594?
CVE-2014-1594 has a severity rating of high due to the potential for remote code execution.
How do I fix CVE-2014-1594?
To fix CVE-2014-1594, update Mozilla Firefox to version 34.0 or later, or update affected versions of Firefox ESR, SeaMonkey, or Thunderbird to their respective patched versions.
Which versions of Firefox are affected by CVE-2014-1594?
CVE-2014-1594 affects Firefox versions prior to 34.0 and Firefox ESR versions before 31.3.
Can CVE-2014-1594 be exploited remotely?
Yes, CVE-2014-1594 can be exploited remotely by attackers targeting vulnerable versions of affected software.
What software is impacted by CVE-2014-1594?
CVE-2014-1594 impacts Mozilla Firefox, Firefox ESR, Thunderbird, and SeaMonkey prior to the specified versions.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/33.0
- canonical/mozilla firefox esr
- version/mozilla firefox esr/31.2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.30
- canonical/mozilla thunderbird
- version/mozilla thunderbird/31.2