CVE-2014-1541

CVSS v2.0 10 (High)

EPSS 7.13 % (94^th)

Affected Products 3

Advisories 10

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2014-06-11 10:57:17
(10 years ago)
Updated Date: 2017-12-28 02:29:01
(6 years ago)

Affected Products

Mozilla

Configuration #1

	CPE23	Up To
Mozilla Thunderbird 24.5 and prior versions	cpe:2.3:a:mozilla:thunderbird	<= 24.5
Mozilla Thunderbird 24.0	cpe:2.3:a:mozilla:thunderbird:24.0
Mozilla Thunderbird 24.0.1	cpe:2.3:a:mozilla:thunderbird:24.0.1
Mozilla Thunderbird 24.1	cpe:2.3:a:mozilla:thunderbird:24.1
Mozilla Thunderbird 24.1.1	cpe:2.3:a:mozilla:thunderbird:24.1.1
Mozilla Thunderbird 24.2	cpe:2.3:a:mozilla:thunderbird:24.2
Mozilla Thunderbird 24.3	cpe:2.3:a:mozilla:thunderbird:24.3
Mozilla Thunderbird 24.4	cpe:2.3:a:mozilla:thunderbird:24.4

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox 29.0.1 and prior versions	cpe:2.3:a:mozilla:firefox		<= 29.0.1

Configuration #3

		CPE23	From	Up To
	Mozilla Firefox Esr 24.0	cpe:2.3:a:mozilla:firefox_esr:24.0
	Mozilla Firefox Esr 24.0.1	cpe:2.3:a:mozilla:firefox_esr:24.0.1
	Mozilla Firefox Esr 24.0.2	cpe:2.3:a:mozilla:firefox_esr:24.0.2
	Mozilla Firefox Esr 24.1.0	cpe:2.3:a:mozilla:firefox_esr:24.1.0
	Mozilla Firefox Esr 24.1.1	cpe:2.3:a:mozilla:firefox_esr:24.1.1
	Mozilla Firefox Esr 24.2	cpe:2.3:a:mozilla:firefox_esr:24.2
	Mozilla Firefox Esr 24.3	cpe:2.3:a:mozilla:firefox_esr:24.3
	Mozilla Firefox Esr 24.4	cpe:2.3:a:mozilla:firefox_esr:24.4
	Mozilla Firefox Esr 24.5	cpe:2.3:a:mozilla:firefox_esr:24.5