Vulnerabilities > CVE-2014-1562 - Buffer Errors vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-531.NASL description MozillaThunderbird was updated to Thunderbird 31.1.0 (bnc#894370), fixinfg security issues : - MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards - MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG - MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering - MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline - MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality - update to Thunderbird 31.0 - based on Gecko 31 - Autocompleting email addresses now matches against any part of the name or email - Composing a mail to a newsgroup will now autocomplete newsgroup names - Insecure NTLM (pre-NTLMv2) authentication disabled last seen 2020-06-05 modified 2014-09-11 plugin id 77619 published 2014-09-11 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77619 title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1098-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-531. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(77619); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-1553", "CVE-2014-1562", "CVE-2014-1563", "CVE-2014-1564", "CVE-2014-1565", "CVE-2014-1567"); script_bugtraq_id(69519, 69520, 69521, 69523, 69524, 69525); script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1098-1)"); script_summary(english:"Check for the openSUSE-2014-531 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "MozillaThunderbird was updated to Thunderbird 31.1.0 (bnc#894370), fixinfg security issues : - MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards - MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG - MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering - MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline - MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality - update to Thunderbird 31.0 - based on Gecko 31 - Autocompleting email addresses now matches against any part of the name or email - Composing a mail to a newsgroup will now autocomplete newsgroup names - Insecure NTLM (pre-NTLMv2) authentication disabled" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=894370" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-09/msg00010.html" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaThunderbird packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-31.1.0-61.59.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-buildsymbols-31.1.0-61.59.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debuginfo-31.1.0-61.59.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debugsource-31.1.0-61.59.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-devel-31.1.0-61.59.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-common-31.1.0-61.59.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-other-31.1.0-61.59.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-31.1.0-70.31.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-buildsymbols-31.1.0-70.31.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-debuginfo-31.1.0-70.31.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-debugsource-31.1.0-70.31.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-devel-31.1.0-70.31.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-translations-common-31.1.0-70.31.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-translations-other-31.1.0-70.31.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3018.NASL description Multiple security issues have been found in Iceweasel, Debian last seen 2020-03-17 modified 2014-09-04 plugin id 77511 published 2014-09-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77511 title Debian DSA-3018-1 : iceweasel - security update NASL family Windows NASL id MOZILLA_FIREFOX_24_8_ESR.NASL description The version of Firefox ESR 24.x installed on the remote host is prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1562) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77498 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77498 title Firefox ESR 24.x < 24.8 Multiple Vulnerabilities NASL family Windows NASL id MOZILLA_THUNDERBIRD_31_1.NASL description The version of Thunderbird installed on the remote host is a version prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77502 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77502 title Mozilla Thunderbird < 31.1 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201504-01.NASL description The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 82632 published 2015-04-08 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82632 title GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities NASL family Windows NASL id MOZILLA_THUNDERBIRD_24_8.NASL description The version of Thunderbird 24.x installed on the remote host is a version prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1562) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77501 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77501 title Mozilla Thunderbird 24.x < 24.8 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-530.NASL description Mozilla Firefox was updated to Firefox 32 fixing security issues and bugs. Security issues fixed: MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint last seen 2020-06-05 modified 2014-09-11 plugin id 77618 published 2014-09-11 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77618 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1099-1) NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_24_8.NASL description The version of Thunderbird 24.x installed on the remote Mac OS X host is a version prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1562) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77496 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77496 title Mozilla Thunderbird 24.x < 24.8 Multiple Vulnerabilities (Mac OS X) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1145.NASL description An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.8.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.8.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2014-09-04 plugin id 77520 published 2014-09-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77520 title RHEL 5 / 6 : thunderbird (RHSA-2014:1145) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1145.NASL description From Red Hat Security Advisory 2014:1145 : An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.8.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.8.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2014-09-04 plugin id 77514 published 2014-09-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77514 title Oracle Linux 6 : thunderbird (ELSA-2014-1145) NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_24_8_ESR.NASL description The version of Firefox ESR 24.x installed on the remote host is prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1562) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77493 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77493 title Firefox ESR 24.x < 24.8 Multiple Vulnerabilities (Mac OS X) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1144.NASL description From Red Hat Security Advisory 2014:1144 : Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.8.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.8.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-05-31 modified 2014-09-04 plugin id 77513 published 2014-09-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77513 title Oracle Linux 5 / 6 / 7 : firefox (ELSA-2014-1144) NASL family Windows NASL id MOZILLA_FIREFOX_31_1_ESR.NASL description The version of Firefox ESR 31.x installed on the remote host is prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77499 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77499 title Firefox ESR 31.x < 31.1 Multiple Vulnerabilities NASL family Windows NASL id MOZILLA_FIREFOX_32.NASL description The version of Firefox installed on the remote host is a version prior to 32.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77500 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77500 title Firefox < 32.0 Multiple Vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20140903_FIREFOX_ON_SL5_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1562, CVE-2014-1567) After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-03-18 modified 2014-09-05 plugin id 77551 published 2014-09-05 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77551 title Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20140903) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2330-1.NASL description Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1553, CVE-2014-1562) Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1563) Michal Zalewski discovered that memory is not initialized properly during GIF rendering in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to steal confidential information. (CVE-2014-1564) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or steal confidential information. (CVE-2014-1565) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1567). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77664 published 2014-09-12 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77664 title Ubuntu 12.04 LTS / 14.04 LTS : thunderbird vulnerabilities (USN-2330-1) NASL family Scientific Linux Local Security Checks NASL id SL_20140903_THUNDERBIRD_ON_SL5_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1562, CVE-2014-1567) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-03-18 modified 2014-09-05 plugin id 77554 published 2014-09-05 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77554 title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20140903) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1145.NASL description An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.8.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.8.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2014-09-04 plugin id 77506 published 2014-09-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77506 title CentOS 5 / 6 : thunderbird (CESA-2014:1145) NASL family SuSE Local Security Checks NASL id SUSE_11_FIREFOX-201409-140903.NASL description Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream : - Security researcher regenrecht reported, via TippingPoint last seen 2020-06-05 modified 2014-09-10 plugin id 77599 published 2014-09-10 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77599 title SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9687) NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_31_1.NASL description The version of Thunderbird installed on the remote Mac OS X host is a version prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77497 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77497 title Mozilla Thunderbird < 31.1 Multiple Vulnerabilities (Mac OS X) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3028.NASL description Multiple security issues have been found in Icedove, Debian last seen 2020-03-17 modified 2014-09-19 plugin id 77752 published 2014-09-19 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77752 title Debian DSA-3028-1 : icedove - security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2329-1.NASL description Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang and David Weir discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1563) Michal Zalewski discovered that memory is not initialized properly during GIF rendering in some circumstances. If a user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to steal confidential information. (CVE-2014-1564) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or steal confidential information. (CVE-2014-1565) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1567). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77486 published 2014-09-03 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77486 title Ubuntu 12.04 LTS / 14.04 LTS : firefox vulnerabilities (USN-2329-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1144.NASL description Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.8.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.8.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-05-31 modified 2014-09-04 plugin id 77519 published 2014-09-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77519 title RHEL 5 / 6 / 7 : firefox (RHSA-2014:1144) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1144.NASL description Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.8.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.8.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 77505 published 2014-09-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77505 title CentOS 5 / 6 / 7 : firefox / xulrunner (CESA-2014:1144) NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_31_1_ESR.NASL description The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77494 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77494 title Firefox ESR 31.x < 31.1 Multiple Vulnerabilities (Mac OS X) NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_32.NASL description The version of Firefox installed on the remote Mac OS X host is a version prior to 32.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567) last seen 2020-06-01 modified 2020-06-02 plugin id 77495 published 2014-09-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77495 title Firefox < 32.0 Multiple Vulnerabilities (Mac OS X)
Redhat
| rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
- http://secunia.com/advisories/60148
- http://secunia.com/advisories/60186
- http://secunia.com/advisories/61114
- http://secunia.com/advisories/61390
- http://www.debian.org/security/2014/dsa-3018
- http://www.debian.org/security/2014/dsa-3028
- http://www.mozilla.org/security/announce/2014/mfsa2014-67.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/69519
- http://www.securitytracker.com/id/1030793
- http://www.securitytracker.com/id/1030794
- https://bugzilla.mozilla.org/show_bug.cgi?id=1054359
- https://security.gentoo.org/glsa/201504-01