CVE-2014-1482
Summary
| CVE | CVE-2014-1482 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-02-06 05:44:00 UTC |
| Updated | 2020-08-11 13:33:00 UTC |
| Description | RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 13.10 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 19 | All | All | All |
| Operating System | Fedoraproject | Fedora | 20 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Seamonkey | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
| Operating System | Opensuse | Opensuse | 11.4 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.3 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Suse | Suse Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | sp3 | All | All |
| Application | Suse | Suse Linux Enterprise Software Development Kit | 11.0 | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory SA56761 - Red Hat update for firefox - Secunia | SECUNIA | secunia.com | Broken Link |
| Oracle Solaris Bulletin - April 2016 | CONFIRM | www.oracle.com | Third Party Advisory |
| Security Advisory SA56706 - Cyberfox Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Broken Link |
| Debian -- Security Information -- DSA-2858-1 iceweasel | DEBIAN | www.debian.org | Third Party Advisory |
| Security Advisory SA56787 - Mozilla Firefox Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Broken Link |
| Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [security-announce] openSUSE-SU-2014:0212-1: important: Mozilla Firefox | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| 102868 | OSVDB | osvdb.org | Broken Link |
| [SECURITY] Fedora 20 Update: thunderbird-24.3.0-1.fc20 | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Security Advisory SA56858 - Debian update for iceweasel - Secunia | SECUNIA | secunia.com | Broken Link |
| Gentoo Security | GENTOO | security.gentoo.org | Third Party Advisory |
| 8pecxstudios.com | CONFIRM | 8pecxstudios.com | Broken Link |
| USN-2102-1: Firefox vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Security Advisory SA56888 - Ubuntu update for firefox - Secunia | SECUNIA | secunia.com | Broken Link |
| [SECURITY] Fedora 19 Update: thunderbird-24.3.0-1.fc19 | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| USN-2119-1: Thunderbird vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Security Advisory SA56767 - Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | Broken Link |
| Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1482 Remote Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| 943803 – (CVE-2014-1482) Image decoding causing FireFox to crash with Goo Create | CONFIRM | bugzilla.mozilla.org | Exploit, Issue Tracking, Vendor Advisory |
| [security-announce] SUSE-SU-2014:0248-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| MFSA 2014-04: Incorrect use of discarded images by RasterImage | CONFIRM | www.mozilla.org | Vendor Advisory |
| Downloads | CONFIRM | download.novell.com | Broken Link |
| USN-2102-2: Firefox regression \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2014:0213-1: important: Mozilla updates | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| download.novell.com/Download | CONFIRM | download.novell.com | Broken Link |
| [security-announce] openSUSE-SU-2014:0419-1: important: Mozilla updates | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Security Advisory SA56763 - Red Hat update for thunderbird - Secunia | SECUNIA | secunia.com | Broken Link |
| Security Advisory SA56922 - SUSE update for Multiple Mozilla Packages - Secunia | SECUNIA | secunia.com | Broken Link |
| Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.