Mozilla Firefox/Thunderbird CVE-2014-1567 Use After Free Memory Corruption Vulnerability
BID:69520
CVE-2014-1567 |Info
Mozilla Firefox/Thunderbird CVE-2014-1567 Use After Free Memory Corruption Vulnerability
| Bugtraq ID: | 69520 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2014-1567 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2014 12:00AM |
| Updated: | Aug 11 2015 08:08PM |
| Credit: | regenrecht |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 SuSE SUSE Linux Enterprise Server 10 SP3 LTSS RedHat Enterprise Linux Optional Productivity Application 5 server Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Mozilla Thunderbird 13.0 Mozilla Thunderbird 12.0 Mozilla Thunderbird 11.0 Mozilla Thunderbird 10.0.2 Mozilla Thunderbird 10.0.1 Mozilla Thunderbird 10.0 Mozilla Firefox ESR 10.0.5 Mozilla Firefox ESR 10.0.4 Mozilla Firefox ESR 10.0.3 Mozilla Firefox ESR 10.0.2 Mozilla Firefox 13.0 Mozilla Firefox 12.0 Mozilla Firefox 11.0 Mozilla Firefox 10.0.2 Mozilla Firefox 10.0.1 Mozilla Firefox 10.0 IBM Scale Out Network Attached Storage 1.3.0.5 IBM Scale Out Network Attached Storage 1.3.0.4 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 CentOS CentOS 6 |
| Not Vulnerable: | |
Discussion
Mozilla Firefox/Thunderbird CVE-2014-1567 Use After Free Memory Corruption Vulnerability
Mozilla Firefox and Thunderbird are prone to a use-after-free memory-corruption vulnerability.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application or result in denial-of-service conditions.
This issue is fixed in the following versions:
Firefox 32
Firefox ESR 24.8
Firefox ESR 31.1
Thunderbird 31.1
Thunderbird 24.8
Mozilla Firefox and Thunderbird are prone to a use-after-free memory-corruption vulnerability.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application or result in denial-of-service conditions.
This issue is fixed in the following versions:
Firefox 32
Firefox ESR 24.8
Firefox ESR 31.1
Thunderbird 31.1
Thunderbird 24.8
Exploit / POC
Mozilla Firefox/Thunderbird CVE-2014-1567 Use After Free Memory Corruption Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Mozilla Firefox/Thunderbird CVE-2014-1567 Use After Free Memory Corruption Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Mozilla Firefox/Thunderbird CVE-2014-1567 Use After Free Memory Corruption Vulnerability
References:
References:
- Mozilla Firefox Homepage (Mozilla)
- Mozilla firefox vulnerability issues on IBM SONAS (IBM)
- Mozilla Thunderbird Homepage (Mozilla )
- Vulnerabilities in procmail and Firefox affect TSSC (CVE-2014-3618, CVE-2014-156 (IBM)
- Mozilla Firefox DirectionalityUtils Use-After-Free Remote Code Execution Vulnera (HP Zero Day Initiative)
- Mozilla Foundation Security Advisory 2014-72 (Mozilla)
- RHSA-2014:1144-1 Security Advisory Critical: firefox security update (Red Hat)
- RHSA-2014:1145-1 Security Advisory Important: thunderbird security update (Red Hat)