{"api_version":"1","generated_at":"2026-04-23T01:32:39+00:00","cve":"CVE-2014-8641","urls":{"html":"https://cve.report/CVE-2014-8641","api":"https://cve.report/api/cve/CVE-2014-8641.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-8641","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-8641"},"summary":{"title":"CVE-2014-8641","description":"Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2015-01-14 11:59:00","updated_at":"2017-09-08 01:29:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/62250","name":"62250","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62250 - Ubuntu update for firefox - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html","name":"openSUSE-SU-2015:0192","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2015:0192-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1031533","name":"1031533","refsource":"SECTRACK","tags":[],"title":"Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62237","name":"62237","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62237 - Debian update for iceweasel - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html","name":"SUSE-SU-2015:0171","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2015:0171-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html","name":"SUSE-SU-2015:0173","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2015:0173-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62242","name":"62242","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62242 - Ubuntu update for ubufox - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201504-01","name":"GLSA-201504-01","refsource":"GENTOO","tags":[],"title":"Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62293","name":"62293","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62293 - Oracle Linux update for firefox - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0046.html","name":"RHSA-2015:0046","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.debian.org/security/2015/dsa-3127","name":"DSA-3127","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-3127-1 iceweasel","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1108455","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1108455","refsource":"CONFIRM","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mozilla.org/security/announce/2014/mfsa2015-06.html","name":"http://www.mozilla.org/security/announce/2014/mfsa2015-06.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Read-after-free in WebRTC — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62790","name":"62790","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62790 - SUSE update for seamonkey - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://linux.oracle.com/errata/ELSA-2015-0046.html","name":"http://linux.oracle.com/errata/ELSA-2015-0046.html","refsource":"CONFIRM","tags":[],"title":"linux.oracle.com | ELSA-2015-0046","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62316","name":"62316","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62316 - Mozilla SeaMonkey Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62253","name":"62253","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62253 - Mozilla Firefox Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62313","name":"62313","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62313 - Mozilla Firefox ESR Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/72044","name":"72044","refsource":"BID","tags":[],"title":"Mozilla Firefox/SeaMonkey WebRTC Memory Corruption Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/62446","name":"62446","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62446 - Waterfox Firefox Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html","name":"openSUSE-SU-2015:0077","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2015:0077-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62273","name":"62273","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62273 - Red Hat update for firefox - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/99961","name":"firefox-cve20148641-dos(99961)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html","name":"SUSE-SU-2015:0180","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2015:0180-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","name":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","refsource":"CONFIRM","tags":[],"title":"Oracle Solaris Third Party Bulletin - April 2015","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/62418","name":"62418","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-8641","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8641","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"34.0.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8641","vulnerable":"1","versionEndIncluding":"2.31","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"seamonkey","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@mozilla.org","ID":"CVE-2014-8641","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"RHSA-2015:0046","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0046.html"},{"name":"http://www.mozilla.org/security/announce/2014/mfsa2015-06.html","refsource":"CONFIRM","url":"http://www.mozilla.org/security/announce/2014/mfsa2015-06.html"},{"name":"62242","refsource":"SECUNIA","url":"http://secunia.com/advisories/62242"},{"name":"1031533","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1031533"},{"name":"72044","refsource":"BID","url":"http://www.securityfocus.com/bid/72044"},{"name":"openSUSE-SU-2015:0192","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1108455","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1108455"},{"name":"62250","refsource":"SECUNIA","url":"http://secunia.com/advisories/62250"},{"name":"SUSE-SU-2015:0173","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"},{"name":"62237","refsource":"SECUNIA","url":"http://secunia.com/advisories/62237"},{"name":"openSUSE-SU-2015:0077","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"},{"name":"62418","refsource":"SECUNIA","url":"http://secunia.com/advisories/62418"},{"name":"SUSE-SU-2015:0171","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"},{"name":"62316","refsource":"SECUNIA","url":"http://secunia.com/advisories/62316"},{"name":"GLSA-201504-01","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201504-01"},{"name":"62313","refsource":"SECUNIA","url":"http://secunia.com/advisories/62313"},{"name":"62790","refsource":"SECUNIA","url":"http://secunia.com/advisories/62790"},{"name":"62293","refsource":"SECUNIA","url":"http://secunia.com/advisories/62293"},{"name":"62446","refsource":"SECUNIA","url":"http://secunia.com/advisories/62446"},{"name":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"name":"62273","refsource":"SECUNIA","url":"http://secunia.com/advisories/62273"},{"name":"DSA-3127","refsource":"DEBIAN","url":"http://www.debian.org/security/2015/dsa-3127"},{"name":"SUSE-SU-2015:0180","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"},{"name":"http://linux.oracle.com/errata/ELSA-2015-0046.html","refsource":"CONFIRM","url":"http://linux.oracle.com/errata/ELSA-2015-0046.html"},{"name":"62253","refsource":"SECUNIA","url":"http://secunia.com/advisories/62253"},{"name":"firefox-cve20148641-dos(99961)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/99961"}]}},"nvd":{"publishedDate":"2015-01-14 11:59:00","lastModifiedDate":"2017-09-08 01:29:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*","versionEndIncluding":"2.31","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndIncluding":"34.0.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"8641","Ordinal":"75692","Title":"CVE-2014-8641","CVE":"CVE-2014-8641","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"8641","Ordinal":"1","NoteData":"Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"8641","Ordinal":"2","NoteData":"2015-01-14","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"8641","Ordinal":"3","NoteData":"2017-09-07","Type":"Other","Title":"Modified"}]}}}