CVE-2014-1563

CVSS v2.0 10 (High)

EPSS 63.22 % (98^th)

Affected Products 6

Advisories 3

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2014-09-03 10:55:06
(10 years ago)
Updated Date: 2018-10-30 16:27:34
(5 years ago)

Affected Products

Mozilla

Opensuse

Oracle

Solaris

Configuration #1

		CPE23	From	Up To
	Opensuse Evergreen 11.4	cpe:2.3:o:opensuse:evergreen:11.4
	Opensuse 12.3	cpe:2.3:o:opensuse:opensuse:12.3
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1

Configuration #2

		CPE23	From	Up To
	Oracle Solaris 11.3	cpe:2.3:o:oracle:solaris:11.3

Configuration #3

	CPE23	Up To
Mozilla Firefox 31.1.0 and prior versions	cpe:2.3:a:mozilla:firefox	<= 31.1.0
Mozilla Firefox 30.0	cpe:2.3:a:mozilla:firefox:30.0
Mozilla Firefox 31.0	cpe:2.3:a:mozilla:firefox:31.0
Mozilla Firefox Esr 31.0	cpe:2.3:a:mozilla:firefox_esr:31.0
Mozilla Thunderbird 31.0	cpe:2.3:a:mozilla:thunderbird:31.0