CVE-2014-1578

CVSS v2.0 7.5 (High)

EPSS 5.15 % (93^th)

Affected Products 3

Advisories 10

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2014-10-15 10:55:06
(10 years ago)
Updated Date: 2016-12-24 02:59:01
(7 years ago)

Affected Products

Mozilla

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox Esr 31.0	cpe:2.3:a:mozilla:firefox_esr:31.0
	Mozilla Firefox Esr 31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0

Configuration #2

	CPE23	Up To
Mozilla Firefox 32.0 and prior versions	cpe:2.3:a:mozilla:firefox	<= 32.0
Mozilla Firefox 30.0	cpe:2.3:a:mozilla:firefox:30.0
Mozilla Firefox 31.0	cpe:2.3:a:mozilla:firefox:31.0
Mozilla Firefox 31.1.0	cpe:2.3:a:mozilla:firefox:31.1.0

Configuration #3

		CPE23	From	Up To
	Mozilla Thunderbird 31.0	cpe:2.3:a:mozilla:thunderbird:31.0
	Mozilla Thunderbird 31.1.0	cpe:2.3:a:mozilla:thunderbird:31.1.0