CVE-2014-1564
Summary
| CVE | CVE-2014-1564 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-09-03 10:55:00 UTC |
| Updated | 2018-10-30 16:27:00 UTC |
| Description | Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image. |
Risk And Classification
Problem Types: CWE-824
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | 30.0 | All | All | All |
| Application | Mozilla | Firefox | 31.0 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox ESR | 31.0 | All | All | All |
| Application | Mozilla | Thunderbird | 31.0 | All | All | All |
| Operating System | openSUSE | Evergreen | 11.4 | All | All | All |
| Operating System | openSUSE | openSUSE | 12.3 | All | All | All |
| Operating System | openSUSE | openSUSE | 13.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Solaris Bulletin - April 2016 | CONFIRM | www.oracle.com | |
| Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Full Disclosure: Uninit memory disclosure via truncated images in Firefox | FULLDISC | seclists.org | |
| openSUSE-SU-2014:1099-1: moderate: MozillaFirefox to Firefox 32 | SUSE | lists.opensuse.org | Third Party Advisory |
| Gentoo Security | GENTOO | security.gentoo.org | |
| [security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox | SUSE | lists.opensuse.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Access Denied | CONFIRM | bugzilla.mozilla.org | Issue Tracking |
| Security Advisory SA61114 - Ubuntu update for thunderbird - Secunia | SECUNIA | secunia.com | |
| [security-announce] openSUSE-SU-2015:0138-1: important: Firefox update t | SUSE | lists.opensuse.org | Third Party Advisory |
| Mozilla Firefox Secret Leak ≈ Packet Storm | MISC | packetstormsecurity.com | |
| [security-announce] openSUSE-SU-2014:1098-1: important: MozillaThunderbi | SUSE | lists.opensuse.org | Third Party Advisory |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | |
| MFSA 2014-69: Uninitialized memory use during GIF rendering | CONFIRM | www.mozilla.org | Vendor Advisory |
| Security Advisory SA60148 - Mozilla Firefox ESR / Thunderbird Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| Mozilla Firefox and Thunderbird CVE-2014-1564 Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.