CVE-2014-1585 — Missing Release of Memory after Effective Lifetime in Mozilla Firefox

CWE-401 — Missing Release of Memory after Effective Lifetime10 documents6 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

0.7%

top 28.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedOct 15

Latest updateMay 17

Description

The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶Ubuntumozilla/firefox< 33.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/firefox32.0+3

▶Ubuntumozilla/thunderbird< 1:31.2.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/thunderbird31.0, 31.1.0+1

🔴Vulnerability Details

GHSA

GHSA-6m7x-mc9c-967p: The WebRTC video-sharing feature in dom/media/MediaManager↗2022-05-17

▶

OSV

thunderbird vulnerabilities↗2014-10-15

▶

OSV

firefox vulnerabilities↗2014-10-14

▶

OSV

CVE-2014-1585: The WebRTC video-sharing feature in dom/media/MediaManager↗2014-10-14

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2014-10-15

▶

Ubuntu

Firefox vulnerabilities↗2014-10-14

▶

Red Hat

Mozilla: Inconsistent video sharing within iframe (MFSA 2014-81)↗2014-10-14

▶

Red Hat

openssl: DTLS memory leak from zero-length fragments↗2014-08-06

▶

💬Community

Bugzilla

CVE-2014-1585 CVE-2014-1586 Mozilla: Inconsistent video sharing within iframe (MFSA 2014-81)↗2014-10-14

▶