CVE-2014-1577Use After Free in Mozilla Firefox

CWE-416Use After Free11 documents7 sources
Severity
6.4MEDIUMNVD
OSV7.5
EPSS
1.3%
top 20.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedOct 15
Latest updateMay 17

Description

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages4 packages

Ubuntumozilla/firefox< 33.0+build2-0ubuntu0.14.04.1
NVDmozilla/firefox32.0+3
Ubuntumozilla/thunderbird< 1:31.2.0+build2-0ubuntu0.14.04.1
NVDmozilla/thunderbird31.0, 31.1.0+1

🔴Vulnerability Details

4
GHSA
GHSA-82w9-49hw-6739: The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 332022-05-17
OSV
thunderbird vulnerabilities2014-10-15
OSV
firefox vulnerabilities2014-10-14
OSV
CVE-2014-1577: The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 332014-10-14

📋Vendor Advisories

4
Red Hat
jasper: double free issue in jas_iccattrval_destroy()2016-03-03
Ubuntu
Thunderbird vulnerabilities2014-10-15
Ubuntu
Firefox vulnerabilities2014-10-14
Red Hat
Mozilla: Web Audio memory corruption issues with custom waveforms (MFSA 2014-76)2014-10-14

📄Research Papers

1
arXiv
Browser Feature Usage on the Modern Web2016-05-20

💬Community

1
Bugzilla
CVE-2014-1577 Mozilla: Web Audio memory corruption issues with custom waveforms (MFSA 2014-76)2014-10-14