CVE-2014-1493
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@mozilla.org — https://bugzilla.mozilla.org/show_bug.cgi?id=977538
Vendor advisory: security@mozilla.org — https://bugzilla.mozilla.org/show_bug.cgi?id=967341
Vendor advisory: security@mozilla.org — https://bugzilla.mozilla.org/show_bug.cgi?id=965982
Vendor advisory: security@mozilla.org — https://bugzilla.mozilla.org/show_bug.cgi?id=963974
Vendor advisory: security@mozilla.org — https://bugzilla.mozilla.org/show_bug.cgi?id=960145
Vendor advisory: security@mozilla.org — https://bugzilla.mozilla.org/show_bug.cgi?id=958867
Vendor advisory: security@mozilla.org — https://bugzilla.mozilla.org/show_bug.cgi?id=896268
Vendor advisory: security@mozilla.org — http://www.mozilla.org/security/announce/2014/mfsa2014-15.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| ubuntu | 12.04 | affected | |
| ubuntu | 12.10 | affected | |
| ubuntu | 13.10 | affected | |
| debian | 7.0 | affected | |
| debian | 8.0 | affected | |
| suse | 11.4 | affected | |
| suse | 12.3 | affected | |
| suse | 13.1 | affected | |
| suse | 11 | affected | |
| rhel | 5.0 | affected | |
| rhel | 6.0 | affected | |
| rhel | 6.5 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | {"endExcluding":"28.0"} | 28.0 |
| mozilla | seamonkey | {"endExcluding":"2.25"} | 2.25 |
| mozilla | thunderbird | {"endExcluding":"24.4"} | 24.4 |
| suse | suse_linux_enterprise_software_development_kit | 11.0 | |
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2014-0310.html
- http://rhn.redhat.com/errata/RHSA-2014-0316.html
- http://www.debian.org/security/2014/dsa-2881
- http://www.debian.org/security/2014/dsa-2911
- http://www.mozilla.org/security/announce/2014/mfsa2014-15.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/66412
- http://www.ubuntu.com/usn/USN-2151-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=896268
- https://bugzilla.mozilla.org/show_bug.cgi?id=958867
- https://bugzilla.mozilla.org/show_bug.cgi?id=960145
- https://bugzilla.mozilla.org/show_bug.cgi?id=963974
- https://bugzilla.mozilla.org/show_bug.cgi?id=965982
- https://bugzilla.mozilla.org/show_bug.cgi?id=967341
- https://bugzilla.mozilla.org/show_bug.cgi?id=977538
- https://security.gentoo.org/glsa/201504-01
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2014-0310.html
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.