CVE-2014-1549 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources

Severity

9.3CRITICALNVD

OSV10.0

EPSS

3.1%

top 13.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 23

Latest updateMay 17

Description

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶Ubuntumozilla/firefox< 31.0+build1-0ubuntu0.14.04.1

▶Ubuntumozilla/thunderbird< 1:31.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/firefox30.0

▶NVDmozilla/thunderbird24.7+9

🔴Vulnerability Details

GHSA

GHSA-6mr6-ghhg-rwhx: The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31↗2022-05-17

▶

OSV

CVE-2014-1549: The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31↗2014-07-22

▶

OSV

firefox vulnerabilities↗2014-07-22

▶

OSV

thunderbird vulnerabilities↗2014-07-22

▶

📋Vendor Advisories

Red Hat

Mozilla: Buffer overflow during Web Audio buffering for playback (MFSA 2014-57)↗2014-07-22

▶

Ubuntu

Thunderbird vulnerabilities↗2014-07-22

▶

Ubuntu

Firefox vulnerabilities↗2014-07-22

▶

💬Community

Bugzilla

CVE-2014-1549 Mozilla: Buffer overflow during Web Audio buffering for playback (MFSA 2014-57)↗2014-07-21

▶