CVE-2014-1488 — Mozilla Firefox vulnerability

7 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.1%

top 22.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Canonical Ubuntu Linux +5 more

Timeline

PublishedFeb 6

Latest updateMay 13

Description

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages7 packages

▶NVDmozilla/firefox< 27.0

▶NVDmozilla/seamonkey< 2.24

▶NVDoracle/solaris11.3

▶NVDopensuse/opensuse12.3, 13.1+1

▶NVDsuse/linux_enterprise_server11

Also affects: Ubuntu Linux 12.04, 12.10, 13.10

🔴Vulnerability Details

GHSA

GHSA-8245-5hw5-c5xw: The Web workers implementation in Mozilla Firefox before 27↗2022-05-13

▶

CVEList

CVE-2014-1488: The Web workers implementation in Mozilla Firefox before 27↗2014-02-06

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2014-02-10

▶

Red Hat

Mozilla: Crash when using web workers with asm.js (MFSA 2014-11)↗2014-02-04

▶

💬Community

Bugzilla

CVE-2014-1488 Mozilla: Crash when using web workers with asm.js (MFSA 2014-11)↗2014-02-04

▶

Bugzilla

CVE-2013-1488 OpenJDK: JDBC driver manager improper toString calls (CanSecWest 2013, Libraries, 8009814)↗2013-03-11

▶