CVE-2014-1555

CVSS v2.0 9.3 (High)

EPSS 6.92 % (94^th)

Affected Products 3

Advisories 10

Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2014-07-23 11:12:43
(10 years ago)
Updated Date: 2017-01-07 02:59:39
(7 years ago)

Affected Products

Mozilla

Configuration #1

	CPE23	Up To
Mozilla Firefox 30.0 and prior versions	cpe:2.3:a:mozilla:firefox	<= 30.0
Mozilla Firefox Esr 24.0	cpe:2.3:a:mozilla:firefox_esr:24.0
Mozilla Firefox Esr 24.0.1	cpe:2.3:a:mozilla:firefox_esr:24.0.1
Mozilla Firefox Esr 24.0.2	cpe:2.3:a:mozilla:firefox_esr:24.0.2
Mozilla Firefox Esr 24.1.0	cpe:2.3:a:mozilla:firefox_esr:24.1.0
Mozilla Firefox Esr 24.1.1	cpe:2.3:a:mozilla:firefox_esr:24.1.1
Mozilla Firefox Esr 24.2	cpe:2.3:a:mozilla:firefox_esr:24.2
Mozilla Firefox Esr 24.3	cpe:2.3:a:mozilla:firefox_esr:24.3
Mozilla Firefox Esr 24.4	cpe:2.3:a:mozilla:firefox_esr:24.4
Mozilla Firefox Esr 24.5	cpe:2.3:a:mozilla:firefox_esr:24.5
Mozilla Firefox Esr 24.6	cpe:2.3:a:mozilla:firefox_esr:24.6
Mozilla Thunderbird 24.6 and prior versions	cpe:2.3:a:mozilla:thunderbird	<= 24.6
Mozilla Thunderbird 24.0	cpe:2.3:a:mozilla:thunderbird:24.0
Mozilla Thunderbird 24.0.1	cpe:2.3:a:mozilla:thunderbird:24.0.1
Mozilla Thunderbird 24.1	cpe:2.3:a:mozilla:thunderbird:24.1
Mozilla Thunderbird 24.1.1	cpe:2.3:a:mozilla:thunderbird:24.1.1
Mozilla Thunderbird 24.2	cpe:2.3:a:mozilla:thunderbird:24.2
Mozilla Thunderbird 24.3	cpe:2.3:a:mozilla:thunderbird:24.3
Mozilla Thunderbird 24.4	cpe:2.3:a:mozilla:thunderbird:24.4
Mozilla Thunderbird 24.5	cpe:2.3:a:mozilla:thunderbird:24.5