Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Thunderbird vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-2151-1 | First vendor Publication | 2014-03-21 |
| Vendor | Ubuntu | Last vendor Modification | 2014-03-21 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Thunderbird. Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client Details: Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1493) Atte Kettunen discovered an out-of-bounds read during WAV file decoding. If a user had enabled audio, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1497) Robert O'Callahan discovered a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1505) Tyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read during polygon rendering in MathML. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1508) John Thomson discovered a memory corruption bug in the Cairo graphics library. If a user had a malicious extension installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1509) Mariusz Mlynski discovered that web content could open a chrome privileged page and bypass the popup blocker in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1510, CVE-2014-1511) It was discovered that memory pressure during garbage collection resulted in memory corruption in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1512) Jüri Aedla discovered out-of-bounds reads and writes with TypedArrayObject in some circumstances. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1513) George Hotz discovered an out-of-bounds write with TypedArrayObject. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1514) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: Ubuntu 12.10: Ubuntu 12.04 LTS: After a standard system update you need to restart Thunderbird to make all the necessary changes. References: Package Information: |
Original Source
| Url : http://www.ubuntu.com/usn/USN-2151-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 20 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 20 % | CWE-269 | Improper Privilege Management |
| 20 % | CWE-125 | Out-of-bounds Read |
| 10 % | CWE-416 | Use After Free |
| 10 % | CWE-200 | Information Exposure |
| 10 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
| 10 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:23516 | |||
| Oval ID: | oval:org.mitre.oval:def:23516 | ||
| Title: | DEPRECATED: ELSA-2014:0310: firefox security update (Critical) | ||
| Description: | vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0310-00 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 15 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23735 | |||
| Oval ID: | oval:org.mitre.oval:def:23735 | ||
| Title: | USN-2150-1 -- firefox vulnerabilities | ||
| Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2150-1 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23744 | |||
| Oval ID: | oval:org.mitre.oval:def:23744 | ||
| Title: | The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements. | ||
| Description: | The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1505 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23979 | |||
| Oval ID: | oval:org.mitre.oval:def:23979 | ||
| Title: | RHSA-2014:0316: thunderbird security update (Important) | ||
| Description: | Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514) Several information disclosure flaws were found in the way Thunderbird processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Thunderbird to crash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505) A memory corruption flaw was found in the way Thunderbird rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1509) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski, Jüri Aedla, George Hotz, and the security research firm VUPEN as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.4.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.4.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0316-00 CESA-2014:0316 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 27 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24017 | |||
| Oval ID: | oval:org.mitre.oval:def:24017 | ||
| Title: | The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. | ||
| Description: | The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1510 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24097 | |||
| Oval ID: | oval:org.mitre.oval:def:24097 | ||
| Title: | USN-2151-1 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2151-1 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24225 | |||
| Oval ID: | oval:org.mitre.oval:def:24225 | ||
| Title: | DSA-2881-1 iceweasel - security update | ||
| Description: | Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure, denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2881-1 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24293 | |||
| Oval ID: | oval:org.mitre.oval:def:24293 | ||
| Title: | RHSA-2014:0310: firefox security update (Critical) | ||
| Description: | Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514) Several information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505) A memory corruption flaw was found in the way Firefox rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1509) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski, Jüri Aedla, George Hotz, and the security research firm VUPEN as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.4.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0310-00 CESA-2014:0310 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 27 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24343 | |||
| Oval ID: | oval:org.mitre.oval:def:24343 | ||
| Title: | DEPRECATED: ELSA-2014:0316: thunderbird security update (Important) | ||
| Description: | Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514) Several information disclosure flaws were found in the way Thunderbird processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Thunderbird to crash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505) A memory corruption flaw was found in the way Thunderbird rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1509) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski, Jüri Aedla, George Hotz, and the security research firm VUPEN as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.4.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.4.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0316-00 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 15 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24418 | |||
| Oval ID: | oval:org.mitre.oval:def:24418 | ||
| Title: | ELSA-2014:0316: thunderbird security update (Important) | ||
| Description: | Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514) Several information disclosure flaws were found in the way Thunderbird processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Thunderbird to crash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505) A memory corruption flaw was found in the way Thunderbird rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1509) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski, Jüri Aedla, George Hotz, and the security research firm VUPEN as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.4.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.4.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0316-00 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 14 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24447 | |||
| Oval ID: | oval:org.mitre.oval:def:24447 | ||
| Title: | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. | ||
| Description: | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1511 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24458 | |||
| Oval ID: | oval:org.mitre.oval:def:24458 | ||
| Title: | ELSA-2014:0310: firefox security update (Critical) | ||
| Description: | Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514) Several information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505) A memory corruption flaw was found in the way Firefox rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1509) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith, Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski, Jüri Aedla, George Hotz, and the security research firm VUPEN as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.4.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0310-00 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 14 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24500 | |||
| Oval ID: | oval:org.mitre.oval:def:24500 | ||
| Title: | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. | ||
| Description: | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1497 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24512 | |||
| Oval ID: | oval:org.mitre.oval:def:24512 | ||
| Title: | Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. | ||
| Description: | Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1512 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24519 | |||
| Oval ID: | oval:org.mitre.oval:def:24519 | ||
| Title: | The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. | ||
| Description: | The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1508 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24534 | |||
| Oval ID: | oval:org.mitre.oval:def:24534 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1493 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24549 | |||
| Oval ID: | oval:org.mitre.oval:def:24549 | ||
| Title: | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. | ||
| Description: | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1509 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24571 | |||
| Oval ID: | oval:org.mitre.oval:def:24571 | ||
| Title: | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. | ||
| Description: | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1513 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24625 | |||
| Oval ID: | oval:org.mitre.oval:def:24625 | ||
| Title: | vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. | ||
| Description: | vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1514 | Version: | 9 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24858 | |||
| Oval ID: | oval:org.mitre.oval:def:24858 | ||
| Title: | SUSE-SU-2014:0418-1 -- Security update for MozillaFirefox | ||
| Description: | Mozilla Firefox was updated to 24.4.0ESR release, fixing various security issues and bugs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0418-1 CVE-2014-1493 CVE-2014-1494 CVE-2014-1496 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1501 CVE-2014-1502 CVE-2014-1504 CVE-2014-1508 CVE-2014-1509 CVE-2014-1505 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 5 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | MozillaFirefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26747 | |||
| Oval ID: | oval:org.mitre.oval:def:26747 | ||
| Title: | DEPRECATED: ELSA-2014-0316 -- thunderbird security update (important) | ||
| Description: | [24.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [24.4.0-1] - Update to 24.4.0 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0316 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27285 | |||
| Oval ID: | oval:org.mitre.oval:def:27285 | ||
| Title: | DEPRECATED: ELSA-2014-0310 -- firefox security update (critical) | ||
| Description: | [24.4.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel >= 4.10.0 to fix build failure [24.4.0-1] - Update to 24.4.0 ESR [24.3.0-4] - Fixed rhbz#1070467 - Enable Add Ons by default in Firefox [24.3.0-3] - Fixed rhbz#1054832 - Firefox does not support Camellia cipher | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0310 CVE-2014-1493 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2014-03-20 | IAVM : 2014-A-0043 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0046769 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-01-18 | Multiple browser pressure function denial of service attempt RuleID : 45206 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2016-03-15 | Mozilla Firefox IDL fragment privilege escalation attempt RuleID : 37626 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2015-08-04 | Mozilla Firefox IDL fragment privilege escalation attempt RuleID : 35052 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2015-08-04 | Mozilla Firefox IDL fragment privilege escalation attempt RuleID : 35051 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2014-11-16 | Multiple browser pressure function denial of service attempt RuleID : 31513 - Revision : 3 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201504-01.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-321.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-256.nasl - Type : ACT_GATHER_INFO |
| 2014-04-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2911.nasl - Type : ACT_GATHER_INFO |
| 2014-03-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2151-1.nasl - Type : ACT_GATHER_INFO |
| 2014-03-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201403-140320.nasl - Type : ACT_GATHER_INFO |
| 2014-03-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2881.nasl - Type : ACT_GATHER_INFO |
| 2014-03-20 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140319_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-03-20 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140318_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-03-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0316.nasl - Type : ACT_GATHER_INFO |
| 2014-03-20 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2014-0316.nasl - Type : ACT_GATHER_INFO |
| 2014-03-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_610de647af8d11e3a25bb4b52fce4ce8.nasl - Type : ACT_GATHER_INFO |
| 2014-03-20 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2014-0316.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2014-0310.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2150-1.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2_25.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0310.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2014-0310.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_4.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_28.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_4_esr.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_4.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_28.nasl - Type : ACT_GATHER_INFO |
| 2014-03-19 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_4_esr.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-03-23 13:21:27 |
|
| 2014-03-21 21:22:17 |
|
