Vulnerability-Lookup

CVE-2014-8641 (GCVE-0-2014-8641)

Vulnerability from cvelistv5 – Published: 2015-01-14 11:00 – Updated: 2024-08-06 13:26

Summary

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2015-0046.html	vendor-advisoryx_refsource_REDHAT
	http://www.mozilla.org/security/announce/2014/mfs…	x_refsource_CONFIRM
	http://secunia.com/advisories/62242	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1031533	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/72044	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1108455	x_refsource_CONFIRM
	http://secunia.com/advisories/62250	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/62237	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/62418	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/62316	third-party-advisoryx_refsource_SECUNIA
	https://security.gentoo.org/glsa/201504-01	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/62313	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/62790	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/62293	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/62446	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/62273	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2015/dsa-3127	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://linux.oracle.com/errata/ELSA-2015-0046.html	x_refsource_CONFIRM
	http://secunia.com/advisories/62253	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:26:02.418Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:0046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html"
          },
          {
            "name": "62242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62242"
          },
          {
            "name": "1031533",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031533"
          },
          {
            "name": "72044",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72044"
          },
          {
            "name": "openSUSE-SU-2015:0192",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455"
          },
          {
            "name": "62250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62250"
          },
          {
            "name": "SUSE-SU-2015:0173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
          },
          {
            "name": "62237",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62237"
          },
          {
            "name": "openSUSE-SU-2015:0077",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
          },
          {
            "name": "62418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62418"
          },
          {
            "name": "SUSE-SU-2015:0171",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
          },
          {
            "name": "62316",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62316"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "62313",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62313"
          },
          {
            "name": "62790",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62790"
          },
          {
            "name": "62293",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62293"
          },
          {
            "name": "62446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62446"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "62273",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62273"
          },
          {
            "name": "DSA-3127",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3127"
          },
          {
            "name": "SUSE-SU-2015:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
          },
          {
            "name": "62253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62253"
          },
          {
            "name": "firefox-cve20148641-dos(99961)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99961"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "RHSA-2015:0046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html"
        },
        {
          "name": "62242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62242"
        },
        {
          "name": "1031533",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031533"
        },
        {
          "name": "72044",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72044"
        },
        {
          "name": "openSUSE-SU-2015:0192",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455"
        },
        {
          "name": "62250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62250"
        },
        {
          "name": "SUSE-SU-2015:0173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
        },
        {
          "name": "62237",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62237"
        },
        {
          "name": "openSUSE-SU-2015:0077",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
        },
        {
          "name": "62418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62418"
        },
        {
          "name": "SUSE-SU-2015:0171",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
        },
        {
          "name": "62316",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62316"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "name": "62313",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62313"
        },
        {
          "name": "62790",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62790"
        },
        {
          "name": "62293",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62293"
        },
        {
          "name": "62446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62446"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "62273",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62273"
        },
        {
          "name": "DSA-3127",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3127"
        },
        {
          "name": "SUSE-SU-2015:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
        },
        {
          "name": "62253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62253"
        },
        {
          "name": "firefox-cve20148641-dos(99961)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99961"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-8641",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:0046",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html"
            },
            {
              "name": "62242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62242"
            },
            {
              "name": "1031533",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031533"
            },
            {
              "name": "72044",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72044"
            },
            {
              "name": "openSUSE-SU-2015:0192",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455"
            },
            {
              "name": "62250",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62250"
            },
            {
              "name": "SUSE-SU-2015:0173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
            },
            {
              "name": "62237",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62237"
            },
            {
              "name": "openSUSE-SU-2015:0077",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
            },
            {
              "name": "62418",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62418"
            },
            {
              "name": "SUSE-SU-2015:0171",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
            },
            {
              "name": "62316",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62316"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "62313",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62313"
            },
            {
              "name": "62790",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62790"
            },
            {
              "name": "62293",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62293"
            },
            {
              "name": "62446",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62446"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "62273",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62273"
            },
            {
              "name": "DSA-3127",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3127"
            },
            {
              "name": "SUSE-SU-2015:0180",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2015-0046.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
            },
            {
              "name": "62253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62253"
            },
            {
              "name": "firefox-cve20148641-dos(99961)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99961"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2014-8641",
    "datePublished": "2015-01-14T11:00:00.000Z",
    "dateReserved": "2014-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:26:02.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2014-8641

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-8641

Aliases

CVE-2014-8641

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8641",
    "description": "Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.",
    "id": "GSD-2014-8641",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-8641.html",
      "https://www.debian.org/security/2015/dsa-3127",
      "https://access.redhat.com/errata/RHSA-2015:0046",
      "https://ubuntu.com/security/CVE-2014-8641",
      "https://advisories.mageia.org/CVE-2014-8641.html",
      "https://linux.oracle.com/cve/CVE-2014-8641.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8641"
      ],
      "details": "Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.",
      "id": "GSD-2014-8641",
      "modified": "2023-12-13T01:22:49.313237Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2014-8641",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2015:0046",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html"
          },
          {
            "name": "62242",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62242"
          },
          {
            "name": "1031533",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031533"
          },
          {
            "name": "72044",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/72044"
          },
          {
            "name": "openSUSE-SU-2015:0192",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455"
          },
          {
            "name": "62250",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62250"
          },
          {
            "name": "SUSE-SU-2015:0173",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
          },
          {
            "name": "62237",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62237"
          },
          {
            "name": "openSUSE-SU-2015:0077",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
          },
          {
            "name": "62418",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62418"
          },
          {
            "name": "SUSE-SU-2015:0171",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
          },
          {
            "name": "62316",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62316"
          },
          {
            "name": "GLSA-201504-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "62313",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62313"
          },
          {
            "name": "62790",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62790"
          },
          {
            "name": "62293",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62293"
          },
          {
            "name": "62446",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62446"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "62273",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62273"
          },
          {
            "name": "DSA-3127",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2015/dsa-3127"
          },
          {
            "name": "SUSE-SU-2015:0180",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
          },
          {
            "name": "http://linux.oracle.com/errata/ELSA-2015-0046.html",
            "refsource": "CONFIRM",
            "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
          },
          {
            "name": "62253",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62253"
          },
          {
            "name": "firefox-cve20148641-dos(99961)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99961"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.31",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "34.0.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-8641"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html"
            },
            {
              "name": "62242",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62242"
            },
            {
              "name": "62250",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62250"
            },
            {
              "name": "1031533",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031533"
            },
            {
              "name": "62237",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62237"
            },
            {
              "name": "62446",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62446"
            },
            {
              "name": "62790",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62790"
            },
            {
              "name": "DSA-3127",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3127"
            },
            {
              "name": "RHSA-2015:0046",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
            },
            {
              "name": "openSUSE-SU-2015:0192",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2015:0077",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
            },
            {
              "name": "SUSE-SU-2015:0171",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
            },
            {
              "name": "SUSE-SU-2015:0173",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
            },
            {
              "name": "SUSE-SU-2015:0180",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "72044",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/72044"
            },
            {
              "name": "62418",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62418"
            },
            {
              "name": "62316",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62316"
            },
            {
              "name": "62313",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62313"
            },
            {
              "name": "62293",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62293"
            },
            {
              "name": "62273",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62273"
            },
            {
              "name": "62253",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62253"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2015-0046.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
            },
            {
              "name": "firefox-cve20148641-dos(99961)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99961"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-01-14T11:59Z"
    }
  }
}

CERTFR-2015-AVI-020

Vulnerability from certfr_avis - Published: 2015-01-14 - Updated: 2015-01-14

De multiples vulnérabilités ont été corrigées dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	N/A	SeaMonkey versions antérieures à 2.32
Mozilla	Firefox	Firefox versions antérieures à 35
Mozilla	Thunderbird	ThunderBird versions antérieures à 31.4
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 31.4

References

Title

Publication Time

CNVD-2015-00368

Vulnerability from cnvd - Published: 2015-01-16

Title

Mozilla Firefox/SeaMonkey WebRTC内存破坏漏洞

Description

Firefox/SeaMonkey是Mozilla所发布的WEB浏览器和新闻组客户端。 Mozilla Firefox/SeaMonkey存在内存破坏漏洞，允许攻击者利用漏洞在受影响的应用程序的用户的上下文中执行任意代码。

Severity

高

Patch Name

Mozilla Firefox/SeaMonkey WebRTC内存破坏漏洞的补丁

Patch Description

Firefox/SeaMonkey是Mozilla所发布的WEB浏览器和新闻组客户端。 Mozilla Firefox/SeaMonkey存在内存破坏漏洞，允许攻击者利用漏洞在受影响的应用程序的用户的上下文中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.mozilla.org/en-US/ http://www.seamonkey-project.org/

Reference

http://www.securityfocus.com/bid/72044 https://www.mozilla.org/zh-CN/security/advisories/mfsa2015-06/

Impacted products

Name
['Mozilla Firefox ESR 31.4', 'Mozilla Firefox 35', 'Mozilla SeaMonkey 2.32']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72044"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8641"
    }
  },
  "description": "Firefox/SeaMonkey\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668\u548c\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3002 \r\n\r\nMozilla Firefox/SeaMonkey\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Mitchell Harper",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.mozilla.org/en-US/\r\nhttp://www.seamonkey-project.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00368",
  "openTime": "2015-01-16",
  "patchDescription": "Firefox/SeaMonkey\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668\u548c\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3002\r\nMozilla Firefox/SeaMonkey\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox/SeaMonkey WebRTC\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox ESR 31.4",
      "Mozilla Firefox 35",
      "Mozilla SeaMonkey 2.32"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/72044\r\nhttps://www.mozilla.org/zh-CN/security/advisories/mfsa2015-06/",
  "serverity": "\u9ad8",
  "submitTime": "2015-01-15",
  "title": "Mozilla Firefox/SeaMonkey WebRTC\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}

FKIE_CVE-2014-8641

Vulnerability from fkie_nvd - Published: 2015-01-14 11:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
security@mozilla.org	http://linux.oracle.com/errata/ELSA-2015-0046.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2015-0046.html
security@mozilla.org	http://secunia.com/advisories/62237
security@mozilla.org	http://secunia.com/advisories/62242
security@mozilla.org	http://secunia.com/advisories/62250
security@mozilla.org	http://secunia.com/advisories/62253
security@mozilla.org	http://secunia.com/advisories/62273
security@mozilla.org	http://secunia.com/advisories/62293
security@mozilla.org	http://secunia.com/advisories/62313
security@mozilla.org	http://secunia.com/advisories/62316
security@mozilla.org	http://secunia.com/advisories/62418
security@mozilla.org	http://secunia.com/advisories/62446
security@mozilla.org	http://secunia.com/advisories/62790
security@mozilla.org	http://www.debian.org/security/2015/dsa-3127
security@mozilla.org	http://www.mozilla.org/security/announce/2014/mfsa2015-06.html	Vendor Advisory
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
security@mozilla.org	http://www.securityfocus.com/bid/72044
security@mozilla.org	http://www.securitytracker.com/id/1031533
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1108455
security@mozilla.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/99961
security@mozilla.org	https://security.gentoo.org/glsa/201504-01
af854a3a-2127-422b-91ae-364da2661108	http://linux.oracle.com/errata/ELSA-2015-0046.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0046.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62237
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62242
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62250
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62253
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62273
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62293
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62313
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62316
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62418
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62446
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62790
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3127
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2014/mfsa2015-06.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72044
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031533
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1108455
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/99961
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201504-01

Impacted products

Vendor	Product	Version
mozilla	seamonkey	*
mozilla	firefox	31.0
mozilla	firefox	31.1.0
mozilla	firefox	31.1.1
mozilla	firefox	31.3.0
mozilla	firefox_esr	31.2
mozilla	firefox	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E929387-65C1-4D6E-976D-8DB6EEBDD58A",
              "versionEndIncluding": "2.31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E8D7C7-B578-4623-9EA2-D13965DBE1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E5D043-71F8-4A61-BEA4-176153E26FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCA6959-24B7-4F86-BE25-0A8A7C1A3D13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48BDA1BA-1A04-4CD5-850A-0AB5990DAEA1",
              "versionEndIncluding": "34.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la implementaci\u00f3n WebRTC en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, y SeaMonkey anterior a 2.32 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos track manipulados."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
  "id": "CVE-2014-8641",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-14T11:59:09.727",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62237"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62242"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62250"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62253"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62273"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62293"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62313"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62316"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62418"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62446"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62790"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2015/dsa-3127"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/bid/72044"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1031533"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99961"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CCGG-X9XX-X49V

Vulnerability from github – Published: 2022-05-17 01:12 – Updated: 2022-05-17 01:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8641"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-14T11:59:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.",
  "id": "GHSA-ccgg-x9xx-x49v",
  "modified": "2022-05-17T01:12:57Z",
  "published": "2022-05-17T01:12:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8641"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1108455"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99961"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62237"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62242"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62250"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62253"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62273"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62293"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62313"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62316"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62418"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62446"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62790"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3127"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-06.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72044"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031533"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-8641 (GCVE-0-2014-8641)

GSD-2014-8641

CERTFR-2015-AVI-020

Solution

CNVD-2015-00368

FKIE_CVE-2014-8641

GHSA-CCGG-X9XX-X49V

Tags

Sightings

Nomenclature