[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

247085

 
 

909

 
 

194218

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-1592Date: (C)2015-01-02   (M)2024-03-27


Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-71398
DSA-3090
DSA-3092
GLSA-201504-01
http://www.mozilla.org/security/announce/2014/mfsa2014-87.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1088635
openSUSE-SU-2015:0138
openSUSE-SU-2015:1266

CPE    3
cpe:/a:mozilla:firefox:33.0
cpe:/a:mozilla:thunderbird:31.2
cpe:/a:mozilla:firefox_esr:31.2
OVAL    21
oval:org.secpod.oval:def:1500812
oval:org.secpod.oval:def:601863
oval:org.secpod.oval:def:501460
oval:org.secpod.oval:def:52353
...

© SecPod Technologies