CVE-2014-1522

CWE-125Out-of-bounds Read8 documents7 sources
Severity
9.3CRITICAL
EPSS
0.8%
top 26.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxMozilla SeamonkeyCanonical Ubuntu Linux+2 more
Timeline
PublishedApr 30
Latest updateMay 13

Description

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox< 29.0
NVDmozilla/seamonkey< 2.26
Ubuntufirefox< 29.0+build1-0ubuntu0.14.04.2
NVDopensuse/opensuse12.3, 13.1+1

Also affects: Fedora 19, Ubuntu Linux 12.04, 12.10, 13.10, 14.04

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

4
GHSA
GHSA-7jf8-xm5g-rcmp: The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 292022-05-13
CVEList
CVE-2014-1522: The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 292014-04-30
OSV
CVE-2014-1522: The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 292014-04-29
OSV
firefox vulnerabilities2014-04-29

📋Vendor Advisories

2
Red Hat
Mozilla: Web Audio memory corruption issues (MFSA 2014-36)2014-04-29
Ubuntu
Firefox vulnerabilities2014-04-29

💬Community

1
Bugzilla
CVE-2014-1522 Mozilla: Web Audio memory corruption issues (MFSA 2014-36)2014-05-07
CVE-2014-1522 (CRITICAL CVSS 9.3) | The mozilla::dom::OscillatorNodeEng | cvebase.io