CVE-2014-1563 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free9 documents7 sources

Severity

10.0CRITICALNVD

EPSS

1.4%

top 19.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Opensuse Evergreen +2 more

Timeline

PublishedSep 3

Latest updateMay 14

Description

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages7 packages

▶Ubuntumozilla/firefox< 32.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/firefox31.1.0+2

▶Ubuntumozilla/thunderbird< 1:31.1.1+build1-0ubuntu0.14.04.1

▶NVDmozilla/thunderbird31.0

▶NVDoracle/solaris11.3

🔴Vulnerability Details

GHSA

GHSA-r4rg-39xh-pg83: Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32↗2022-05-14

▶

CVEList

CVE-2014-1563: Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32↗2014-09-03

▶

OSV

CVE-2014-1563: Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32↗2014-09-02

▶

OSV

firefox vulnerabilities↗2014-09-02

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2014-09-11

▶

Red Hat

Mozilla: Use-after-free during DOM interactions with SVG (MFSA 2014-68)↗2014-09-03

▶

Ubuntu

Firefox vulnerabilities↗2014-09-02

▶

💬Community

Bugzilla

CVE-2014-1563 Mozilla: Use-after-free during DOM interactions with SVG (MFSA 2014-68)↗2014-09-01

▶