CVE-2014-1478 — Out-of-bounds Write in Mozilla Firefox

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.2%

top 20.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Canonical Ubuntu Linux +2 more

Timeline

PublishedFeb 6

Latest updateMay 13

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox< 27.0

▶NVDmozilla/seamonkey< 2.24

▶NVDoracle/solaris11.3

▶NVDopensuse/opensuse11.4, 12.3, 13.1+2

Also affects: Ubuntu Linux 12.04, 12.10, 13.10

🔴Vulnerability Details

GHSA

GHSA-3phx-gw24-fgrp: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27↗2022-05-13

▶

CVEList

CVE-2014-1478: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27↗2014-02-06

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2014-02-10

▶

Red Hat

Mozilla: Miscellaneous memory safety hazards (rv:27.0) (MFSA 2014-01)↗2014-02-04

▶

💬Community

Bugzilla

CVE-2014-1478 Mozilla: Miscellaneous memory safety hazards (rv:27.0) (MFSA 2014-01)↗2014-02-04

▶