CVE-2014-1593

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow9 documents7 sources

Severity

6.8MEDIUM

EPSS

2.1%

top 15.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedDec 11

Latest updateMay 17

Description

Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages5 packages

▶NVDmozilla/firefox31.2+1

▶NVDmozilla/seamonkey2.30

▶NVDmozilla/thunderbird31.2

▶Ubuntufirefox< 34.0+build2-0ubuntu0.14.04.1

▶Ubuntuthunderbird< 1:31.3.0+build1-0ubuntu0.14.04.1

🔴Vulnerability Details

GHSA

GHSA-wq8g-8jvq-gv63: Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34↗2022-05-17

▶

CVEList

CVE-2014-1593: Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34↗2014-12-11

▶

OSV

CVE-2014-1593: Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34↗2014-12-02

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2014-12-03

▶

Ubuntu

Firefox vulnerabilities↗2014-12-02

▶

Red Hat

Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)↗2014-12-02

▶

💬Community

Bugzilla

CVE-2014-1593 Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)↗2014-12-01

▶

Bugzilla

CVE-2001-1593 a2ps: insecure temporary file use↗2014-02-03

▶