CVE-2014-1551 — Mozilla Firefox vulnerability

2 documents2 sources

Severity

10.0CRITICALNVD

EPSS

5.4%

top 9.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR

Timeline

PublishedJul 23

Latest updateMay 17

Description

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox30.0+5

▶NVDmozilla/firefox_esr5 versions+4

▶NVDmozilla/thunderbird24.6+8

🔴Vulnerability Details

GHSA

GHSA-jchp-2m7r-cc5v: Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31↗2022-05-17

▶