CVE-2014-1482

high-risk

Published 2014-02-06

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.

Do I need to act?

2.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Firefox

Seamonkey

Thunderbird

Ubuntu Linux

Debian Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Suse Linux Enterprise Software Development Kit

Opensuse

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Ubuntu Linux

Enterprise Linux Desktop

Affected Vendors

Suse Fedoraproject Canonical Opensuse Debian Redhat Mozilla

References (66)

Broken Link http://download.novell.com/Download?buildid=VYQsgaFpQ2k

Broken Link http://download.novell.com/Download?buildid=Y2fux-JW1Qc

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.h...

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.h...

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

Broken Link http://osvdb.org/102868

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2014-0132.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2014-0133.html

Broken Link http://secunia.com/advisories/56706

Broken Link http://secunia.com/advisories/56761

Broken Link http://secunia.com/advisories/56763

Broken Link http://secunia.com/advisories/56767

Broken Link http://secunia.com/advisories/56787

Broken Link http://secunia.com/advisories/56858

Broken Link http://secunia.com/advisories/56888

Broken Link http://secunia.com/advisories/56922

Third Party Advisory http://www.debian.org/security/2014/dsa-2858

and 46 more references

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 6/34 · Minimal

Exposure 21/34 · High