CVE-2014-1580Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure7 documents6 sources
Severity
5.0MEDIUMNVD
OSV7.5
EPSS
0.5%
top 36.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedOct 15
Latest updateMay 17

Description

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Ubuntumozilla/firefox< 33.0+build2-0ubuntu0.14.04.1
NVDmozilla/firefox32.0+3

🔴Vulnerability Details

3
GHSA
GHSA-g7cc-vgx4-gjp5: Mozilla Firefox before 332022-05-17
OSV
firefox vulnerabilities2014-10-14
OSV
CVE-2014-1580: Mozilla Firefox before 332014-10-14

📋Vendor Advisories

2
Ubuntu
Firefox vulnerabilities2014-10-14
Red Hat
Mozilla: Further uninitialized memory use during GIF rendering (MFSA 2014-78)2014-10-14

💬Community

1
Bugzilla
CVE-2014-1580 Mozilla: Further uninitialized memory use during GIF rendering (MFSA 2014-78)2014-10-14