CVE-2014-1564
published 2014-09-03


Priority: P4 | 24 | medium | 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 5.46% (91.8th percentile)

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 31.1.0 | |
| mozilla | firefox | | |
| mozilla | firefox | | |
| mozilla | firefox | >= 0 < 32.0+build1-0ubuntu0.14.04.1 | 32.0+build1-0ubuntu0.14.04.1 |
| mozilla | thunderbird | | |
| mozilla | thunderbird | >= 0 < 1:31.1.1+build1-0ubuntu0.14.04.1 | 1:31.1.1+build1-0ubuntu0.14.04.1 |
| opensuse | evergreen | | |
| opensuse | opensuse | | |
| opensuse | opensuse | | |

CVSS provenance

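| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 10.0 | CRITICAL | |
| vendor_ubuntu | | 10.0 | CRITICAL | |
| vendor_redhat | | 4.3 | MEDIUM | |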