Vulnerability-Lookup

CVE-2014-1541 (GCVE-0-2014-1541)

Vulnerability from cvelistv5 – Published: 2014-06-11 10:00 – Updated: 2024-08-06 09:42

Summary

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	http://secunia.com/advisories/59229	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/67979	vdb-entryx_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2014-0741.html	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/59387	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/59150	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1030388	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/59052	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/59169	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/59165	third-party-advisoryx_refsource_SECUNIA
	https://security.gentoo.org/glsa/201504-01	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/59866	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://linux.oracle.com/errata/ELSA-2014-0742.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://www.mozilla.org/security/announce/2014/mfs…	x_refsource_CONFIRM
	http://secunia.com/advisories/59377	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/59149	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2014-0742.html	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2243-1	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2014/dsa-2960	vendor-advisoryx_refsource_DEBIAN
	http://www.debian.org/security/2014/dsa-2955	vendor-advisoryx_refsource_DEBIAN
	https://bugzilla.mozilla.org/show_bug.cgi?id=1000185	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1030386	vdb-entryx_refsource_SECTRACK
	http://linux.oracle.com/errata/ELSA-2014-0741.html	x_refsource_CONFIRM
	http://secunia.com/advisories/58984	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/59170	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/59425	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/59171	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/59328	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/59275	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-2250-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/59486	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:42:36.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59229"
          },
          {
            "name": "openSUSE-SU-2014:0819",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html"
          },
          {
            "name": "67979",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67979"
          },
          {
            "name": "RHSA-2014:0741",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0741.html"
          },
          {
            "name": "SUSE-SU-2014:0824",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html"
          },
          {
            "name": "59387",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59387"
          },
          {
            "name": "59150",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59150"
          },
          {
            "name": "1030388",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030388"
          },
          {
            "name": "59052",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59052"
          },
          {
            "name": "openSUSE-SU-2014:0855",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html"
          },
          {
            "name": "openSUSE-SU-2014:0797",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html"
          },
          {
            "name": "59169",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59169"
          },
          {
            "name": "59165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59165"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "59866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59866"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-0742.html"
          },
          {
            "name": "openSUSE-SU-2014:0858",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html"
          },
          {
            "name": "59377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59377"
          },
          {
            "name": "59149",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59149"
          },
          {
            "name": "RHSA-2014:0742",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0742.html"
          },
          {
            "name": "USN-2243-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2243-1"
          },
          {
            "name": "DSA-2960",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2960"
          },
          {
            "name": "DSA-2955",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2955"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185"
          },
          {
            "name": "1030386",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030386"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-0741.html"
          },
          {
            "name": "58984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58984"
          },
          {
            "name": "59170",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59170"
          },
          {
            "name": "59425",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59425"
          },
          {
            "name": "59171",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59171"
          },
          {
            "name": "59328",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59328"
          },
          {
            "name": "59275",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59275"
          },
          {
            "name": "USN-2250-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2250-1"
          },
          {
            "name": "59486",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59486"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-27T18:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "59229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59229"
        },
        {
          "name": "openSUSE-SU-2014:0819",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html"
        },
        {
          "name": "67979",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67979"
        },
        {
          "name": "RHSA-2014:0741",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0741.html"
        },
        {
          "name": "SUSE-SU-2014:0824",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html"
        },
        {
          "name": "59387",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59387"
        },
        {
          "name": "59150",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59150"
        },
        {
          "name": "1030388",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030388"
        },
        {
          "name": "59052",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59052"
        },
        {
          "name": "openSUSE-SU-2014:0855",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html"
        },
        {
          "name": "openSUSE-SU-2014:0797",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html"
        },
        {
          "name": "59169",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59169"
        },
        {
          "name": "59165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59165"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "name": "59866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59866"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-0742.html"
        },
        {
          "name": "openSUSE-SU-2014:0858",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html"
        },
        {
          "name": "59377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59377"
        },
        {
          "name": "59149",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59149"
        },
        {
          "name": "RHSA-2014:0742",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0742.html"
        },
        {
          "name": "USN-2243-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2243-1"
        },
        {
          "name": "DSA-2960",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2960"
        },
        {
          "name": "DSA-2955",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2955"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185"
        },
        {
          "name": "1030386",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030386"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-0741.html"
        },
        {
          "name": "58984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58984"
        },
        {
          "name": "59170",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59170"
        },
        {
          "name": "59425",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59425"
        },
        {
          "name": "59171",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59171"
        },
        {
          "name": "59328",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59328"
        },
        {
          "name": "59275",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59275"
        },
        {
          "name": "USN-2250-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2250-1"
        },
        {
          "name": "59486",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59486"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-1541",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59229"
            },
            {
              "name": "openSUSE-SU-2014:0819",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html"
            },
            {
              "name": "67979",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67979"
            },
            {
              "name": "RHSA-2014:0741",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0741.html"
            },
            {
              "name": "SUSE-SU-2014:0824",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html"
            },
            {
              "name": "59387",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59387"
            },
            {
              "name": "59150",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59150"
            },
            {
              "name": "1030388",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030388"
            },
            {
              "name": "59052",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59052"
            },
            {
              "name": "openSUSE-SU-2014:0855",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html"
            },
            {
              "name": "openSUSE-SU-2014:0797",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html"
            },
            {
              "name": "59169",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59169"
            },
            {
              "name": "59165",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59165"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "59866",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59866"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-0742.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-0742.html"
            },
            {
              "name": "openSUSE-SU-2014:0858",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html"
            },
            {
              "name": "59377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59377"
            },
            {
              "name": "59149",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59149"
            },
            {
              "name": "RHSA-2014:0742",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0742.html"
            },
            {
              "name": "USN-2243-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2243-1"
            },
            {
              "name": "DSA-2960",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2960"
            },
            {
              "name": "DSA-2955",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2955"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185"
            },
            {
              "name": "1030386",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030386"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-0741.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-0741.html"
            },
            {
              "name": "58984",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58984"
            },
            {
              "name": "59170",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59170"
            },
            {
              "name": "59425",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59425"
            },
            {
              "name": "59171",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59171"
            },
            {
              "name": "59328",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59328"
            },
            {
              "name": "59275",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59275"
            },
            {
              "name": "USN-2250-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2250-1"
            },
            {
              "name": "59486",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59486"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2014-1541",
    "datePublished": "2014-06-11T10:00:00.000Z",
    "dateReserved": "2014-01-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T09:42:36.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2014-AVI-270

Vulnerability from certfr_avis - Published: 2014-06-11 - Updated: 2014-06-11

De multiples vulnérabilités ont été corrigées dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox	Versions antérieures à Firefox 30
Mozilla	N/A	versions antérieures à Netscape Portable Runtime 4.10.6
Mozilla	Firefox ESR	versions antérieures à Firefox ESR 24.6
Mozilla	Thunderbird	versions antérieures à Thunderbird 24.6

References

Title

Publication Time

CVE-2014-1541

Vulnerability from fstec - Published: 11.06.2014

Title

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Description

Использование после освобождения в функции RefreshDriverTimer::TickDriver контроллера анимации SMIL в Mozilla Firefox позволяет злоумышленникам, действующим удаленно, выполнить произвольный код или вызвать отказ в обслуживании (ошибку при работе с динамической памятью), используя специально сформированный веб-контент

Severity ?

Vendor

Mozilla Corp.

Software Name

Firefox

Software Version

от 17.0 до 30.0 (Firefox)

Possible Mitigations

Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу: http://www.mozilla.org/firefox/organizations/all.html

Reference

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541 http://www.mozilla.org/security/announce/2014/mfsa2014-52.html

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Mozilla Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 17.0 \u0434\u043e 30.0 (Firefox)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0443\u044e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435. \u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443:\nhttp://www.mozilla.org/firefox/organizations/all.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.06.2014",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.07.2016",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-00424",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2014-1541",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Firefox",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Apple Inc. MacOS X 32-bit, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, Apple Inc. MacOS X 64-bit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 RefreshDriverTimer::TickDriver \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0430\u043d\u0438\u043c\u0430\u0446\u0438\u0438 SMIL \u0432 Mozilla Firefox \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (\u043e\u0448\u0438\u0431\u043a\u0443 \u043f\u0440\u0438 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u044c\u044e), \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-52.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}

GHSA-V766-RVR2-8J2W

Vulnerability from github – Published: 2022-05-14 04:03 – Updated: 2022-05-14 04:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1541"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-06-11T10:57:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.",
  "id": "GHSA-v766-rvr2-8j2w",
  "modified": "2022-05-14T04:03:16Z",
  "published": "2022-05-14T04:03:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1541"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0741.html"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0742.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0741.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0742.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58984"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59052"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59149"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59150"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59165"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59169"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59170"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59171"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59229"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59275"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59328"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59377"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59387"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59425"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59486"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59866"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-2955"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-2960"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/67979"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030386"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030388"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2243-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2250-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2014-1541

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-1541

Aliases

CVE-2014-1541

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1541",
    "description": "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.",
    "id": "GSD-2014-1541",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-1541.html",
      "https://www.debian.org/security/2014/dsa-2960",
      "https://www.debian.org/security/2014/dsa-2955",
      "https://access.redhat.com/errata/RHSA-2014:0742",
      "https://access.redhat.com/errata/RHSA-2014:0741",
      "https://ubuntu.com/security/CVE-2014-1541",
      "https://advisories.mageia.org/CVE-2014-1541.html",
      "https://linux.oracle.com/cve/CVE-2014-1541.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1541"
      ],
      "details": "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.",
      "id": "GSD-2014-1541",
      "modified": "2023-12-13T01:22:51.230060Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2014-1541",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "59229",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59229"
          },
          {
            "name": "openSUSE-SU-2014:0819",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html"
          },
          {
            "name": "67979",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/67979"
          },
          {
            "name": "RHSA-2014:0741",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0741.html"
          },
          {
            "name": "SUSE-SU-2014:0824",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html"
          },
          {
            "name": "59387",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59387"
          },
          {
            "name": "59150",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59150"
          },
          {
            "name": "1030388",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030388"
          },
          {
            "name": "59052",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59052"
          },
          {
            "name": "openSUSE-SU-2014:0855",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html"
          },
          {
            "name": "openSUSE-SU-2014:0797",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html"
          },
          {
            "name": "59169",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59169"
          },
          {
            "name": "59165",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59165"
          },
          {
            "name": "GLSA-201504-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "59866",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59866"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "http://linux.oracle.com/errata/ELSA-2014-0742.html",
            "refsource": "CONFIRM",
            "url": "http://linux.oracle.com/errata/ELSA-2014-0742.html"
          },
          {
            "name": "openSUSE-SU-2014:0858",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html"
          },
          {
            "name": "59377",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59377"
          },
          {
            "name": "59149",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59149"
          },
          {
            "name": "RHSA-2014:0742",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0742.html"
          },
          {
            "name": "USN-2243-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2243-1"
          },
          {
            "name": "DSA-2960",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2014/dsa-2960"
          },
          {
            "name": "DSA-2955",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2014/dsa-2955"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185"
          },
          {
            "name": "1030386",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030386"
          },
          {
            "name": "http://linux.oracle.com/errata/ELSA-2014-0741.html",
            "refsource": "CONFIRM",
            "url": "http://linux.oracle.com/errata/ELSA-2014-0741.html"
          },
          {
            "name": "58984",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/58984"
          },
          {
            "name": "59170",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59170"
          },
          {
            "name": "59425",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59425"
          },
          {
            "name": "59171",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59171"
          },
          {
            "name": "59328",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59328"
          },
          {
            "name": "59275",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59275"
          },
          {
            "name": "USN-2250-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2250-1"
          },
          {
            "name": "59486",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59486"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "24.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "29.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-1541"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html"
            },
            {
              "name": "58984",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/58984"
            },
            {
              "name": "67979",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/67979"
            },
            {
              "name": "59150",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59150"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-0742.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0742.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-0741.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0741.html"
            },
            {
              "name": "59229",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59229"
            },
            {
              "name": "59170",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59170"
            },
            {
              "name": "59149",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59149"
            },
            {
              "name": "59169",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59169"
            },
            {
              "name": "59052",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59052"
            },
            {
              "name": "59171",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59171"
            },
            {
              "name": "59275",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59275"
            },
            {
              "name": "59165",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59165"
            },
            {
              "name": "1030388",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030388"
            },
            {
              "name": "1030386",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030386"
            },
            {
              "name": "59866",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59866"
            },
            {
              "name": "openSUSE-SU-2014:0855",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html"
            },
            {
              "name": "openSUSE-SU-2014:0858",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html"
            },
            {
              "name": "59377",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59377"
            },
            {
              "name": "59387",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59387"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "59486",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59486"
            },
            {
              "name": "59425",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59425"
            },
            {
              "name": "59328",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59328"
            },
            {
              "name": "RHSA-2014:0741",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0741.html"
            },
            {
              "name": "USN-2250-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2250-1"
            },
            {
              "name": "USN-2243-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2243-1"
            },
            {
              "name": "DSA-2960",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2014/dsa-2960"
            },
            {
              "name": "DSA-2955",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2014/dsa-2955"
            },
            {
              "name": "RHSA-2014:0742",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0742.html"
            },
            {
              "name": "openSUSE-SU-2014:0819",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2014:0824",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2014:0797",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-12-28T02:29Z",
      "publishedDate": "2014-06-11T10:57Z"
    }
  }
}

FKIE_CVE-2014-1541

Vulnerability from fkie_nvd - Published: 2014-06-11 10:57 - Updated: 2025-11-25 17:50

Severity ?

Summary

References

URL	Tags
security@mozilla.org	http://linux.oracle.com/errata/ELSA-2014-0741.html
security@mozilla.org	http://linux.oracle.com/errata/ELSA-2014-0742.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2014-0741.html
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2014-0742.html
security@mozilla.org	http://secunia.com/advisories/58984
security@mozilla.org	http://secunia.com/advisories/59052
security@mozilla.org	http://secunia.com/advisories/59149
security@mozilla.org	http://secunia.com/advisories/59150
security@mozilla.org	http://secunia.com/advisories/59165
security@mozilla.org	http://secunia.com/advisories/59169
security@mozilla.org	http://secunia.com/advisories/59170
security@mozilla.org	http://secunia.com/advisories/59171
security@mozilla.org	http://secunia.com/advisories/59229
security@mozilla.org	http://secunia.com/advisories/59275
security@mozilla.org	http://secunia.com/advisories/59328
security@mozilla.org	http://secunia.com/advisories/59377
security@mozilla.org	http://secunia.com/advisories/59387
security@mozilla.org	http://secunia.com/advisories/59425
security@mozilla.org	http://secunia.com/advisories/59486
security@mozilla.org	http://secunia.com/advisories/59866
security@mozilla.org	http://www.debian.org/security/2014/dsa-2955
security@mozilla.org	http://www.debian.org/security/2014/dsa-2960
security@mozilla.org	http://www.mozilla.org/security/announce/2014/mfsa2014-52.html	Vendor Advisory
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
security@mozilla.org	http://www.securityfocus.com/bid/67979
security@mozilla.org	http://www.securitytracker.com/id/1030386
security@mozilla.org	http://www.securitytracker.com/id/1030388
security@mozilla.org	http://www.ubuntu.com/usn/USN-2243-1
security@mozilla.org	http://www.ubuntu.com/usn/USN-2250-1
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1000185
security@mozilla.org	https://security.gentoo.org/glsa/201504-01
af854a3a-2127-422b-91ae-364da2661108	http://linux.oracle.com/errata/ELSA-2014-0741.html
af854a3a-2127-422b-91ae-364da2661108	http://linux.oracle.com/errata/ELSA-2014-0742.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0741.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0742.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58984
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59052
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59149
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59150
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59165
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59169
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59170
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59171
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59229
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59275
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59328
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59377
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59387
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59425
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59486
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59866
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2955
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2960
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2014/mfsa2014-52.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/67979
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030386
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030388
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2243-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2250-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1000185
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201504-01

Impacted products

Vendor	Product	Version
mozilla	thunderbird	*
mozilla	thunderbird	24.0
mozilla	thunderbird	24.0.1
mozilla	thunderbird	24.1
mozilla	thunderbird	24.1.1
mozilla	thunderbird	24.2
mozilla	thunderbird	24.3
mozilla	thunderbird	24.4
mozilla	firefox	*
mozilla	firefox	24.0
mozilla	firefox	24.0.1
mozilla	firefox	24.0.2
mozilla	firefox	24.1.0
mozilla	firefox	24.1.1
mozilla	firefox_esr	24.2
mozilla	firefox_esr	24.3
mozilla	firefox_esr	24.4
mozilla	firefox_esr	24.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BAB6139-8CB0-4989-B0CC-067C35B01090",
              "versionEndIncluding": "24.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CCAFDF1-10BB-4AB0-9C9D-E99DDBA901BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EE89B8-705F-4A05-9015-3D6E81D394E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30AE3D4-6A3E-435E-BDBF-1A9A17297433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0C705A0-62C0-485A-A077-C7DD426F80B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C802A7-E4D5-4D2D-9CE8-749A75DF7461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8A57FA-AC27-4288-8E42-97DECF3B993C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D474B11-98D0-41A3-A98B-CFB6955264AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8B8514D-277D-4D79-84E3-73BF050CE927",
              "versionEndIncluding": "29.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E772D1-DD0F-4F04-8BB4-9550F3C601E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:24.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B31FDE6-3EA6-4946-9A76-605F3C561C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:24.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46964729-D50D-4F17-A2F9-584A25E6F8DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:24.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "050A0328-B07A-4CC7-B42E-A034F3140032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "732CC40B-BCBA-436B-956F-52BE28D9B79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A237D8D8-5656-4537-AD08-30CB8B4DAD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04B61AC7-E951-407F-A62E-490F9FEDE9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F70319-C8E4-4F54-9449-B0C3A59BF7C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CAD5F3B-54D7-425B-89D2-A3A86DE31BAE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n RefreshDriverTimer::TickDriver en SMIL Animation Controller en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24.6 y Thunderbird anterior a 24.6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de contenido web manipulado."
    }
  ],
  "evaluatorComment": "Per http://cwe.mitre.org/data/definitions/416.html:\n\"CWE-416: Use After Free\"",
  "id": "CVE-2014-1541",
  "lastModified": "2025-11-25T17:50:16.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-11T10:57:17.987",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0741.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0742.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0741.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0742.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/58984"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59052"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59149"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59150"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59165"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59169"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59170"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59171"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59229"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59275"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59328"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59377"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59387"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59425"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59486"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59866"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2014/dsa-2955"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2014/dsa-2960"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/bid/67979"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1030386"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1030388"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2243-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2250-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0741.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2014-0742.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0741.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0742.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-52.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2243-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2250-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1000185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-1541 (GCVE-0-2014-1541)

CERTFR-2014-AVI-270

Solution

CVE-2014-1541

GHSA-V766-RVR2-8J2W

GSD-2014-1541

FKIE_CVE-2014-1541

Tags

Sightings

Nomenclature