{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-02T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T17:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "openSUSE-SU-2015:0138", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641"}, {"name": "SUSE-SU-2014:1112", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html"}, {"name": "69520", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69520"}, {"name": "GLSA-201504-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201504-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "DSA-3018", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3018"}, {"name": "1030794", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030794"}, {"name": "SUSE-SU-2014:1120", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "60186", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60186"}, {"name": "61390", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61390"}, {"name": "openSUSE-SU-2014:1098", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"}, {"name": "60148", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60148"}, {"name": "openSUSE-SU-2014:1099", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"}, {"name": "61114", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61114"}, {"name": "DSA-3028", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3028"}, {"name": "SUSE-SU-2014:1107", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html"}, {"name": "1030793", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030793"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2014-1567", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2015:0138", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641"}, {"name": "SUSE-SU-2014:1112", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html"}, {"name": "69520", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69520"}, {"name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "DSA-3018", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3018"}, {"name": "1030794", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030794"}, {"name": "SUSE-SU-2014:1120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html"}, {"name": "openSUSE-SU-2015:1266", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "60186", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60186"}, {"name": "61390", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61390"}, {"name": "openSUSE-SU-2014:1098", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"}, {"name": "60148", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60148"}, {"name": "openSUSE-SU-2014:1099", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"}, {"name": "61114", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61114"}, {"name": "DSA-3028", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3028"}, {"name": "SUSE-SU-2014:1107", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html"}, {"name": "1030793", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030793"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:42:36.651Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2015:0138", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641"}, {"name": "SUSE-SU-2014:1112", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html"}, {"name": "69520", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69520"}, {"name": "GLSA-201504-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201504-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "DSA-3018", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3018"}, {"name": "1030794", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030794"}, {"name": "SUSE-SU-2014:1120", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "60186", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60186"}, {"name": "61390", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61390"}, {"name": "openSUSE-SU-2014:1098", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"}, {"name": "60148", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60148"}, {"name": "openSUSE-SU-2014:1099", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"}, {"name": "61114", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61114"}, {"name": "DSA-3028", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3028"}, {"name": "SUSE-SU-2014:1107", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html"}, {"name": "1030793", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030793"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1567", "datePublished": "2014-09-03T10:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:36.651Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D8AEBE9-C88E-47F0-8ACC-18DADFD571A0", "versionEndIncluding": "31.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*", "matchCriteriaId": "38EBC9E7-46AD-4DCD-AA7B-5071F55E3755", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*", "matchCriteriaId": "18E772D1-DD0F-4F04-8BB4-9550F3C601E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:24.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "050A0328-B07A-4CC7-B42E-A034F3140032", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "732CC40B-BCBA-436B-956F-52BE28D9B79B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A4DE4CBB-6604-4AF2-B499-06BCD9E213C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "70ECF11D-B5D0-4EBA-9E1F-0978AF7C7818", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "A237D8D8-5656-4537-AD08-30CB8B4DAD63", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*", "matchCriteriaId": "04B61AC7-E951-407F-A62E-490F9FEDE9C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9F70319-C8E4-4F54-9449-B0C3A59BF7C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*", "matchCriteriaId": "9CAD5F3B-54D7-425B-89D2-A3A86DE31BAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*", "matchCriteriaId": "44D4B068-3456-4748-94BE-ACBA6A026570", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.7:*:*:*:*:*:*:*", "matchCriteriaId": "31A0674F-9FAA-4493-A7DD-BC084C4E1E6A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CCAFDF1-10BB-4AB0-9C9D-E99DDBA901BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "31EE89B8-705F-4A05-9015-3D6E81D394E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30AE3D4-6A3E-435E-BDBF-1A9A17297433", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0C705A0-62C0-485A-A077-C7DD426F80B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "66C802A7-E4D5-4D2D-9CE8-749A75DF7461", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E8A57FA-AC27-4288-8E42-97DECF3B993C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D474B11-98D0-41A3-A98B-CFB6955264AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD940E-9EF0-460B-A721-E70C719F2244", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*", "matchCriteriaId": "063FC215-D9D2-40D0-A8A5-6289890EF9B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:24.7:*:*:*:*:*:*:*", "matchCriteriaId": "79E7E9DF-322E-474F-9204-E7189929490B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*", "matchCriteriaId": "707DE052-DE3E-4FC3-994C-52FF7B5373C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en DirectionalityUtils.cpp en Mozilla Firefox anterior a 32.0, Firefox ESR 24.x anterior a 24.8 y 31.x anterior a 31.1 y Thunderbird 24.x anterior a 24.8 y 31.x anterior a 31.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de texto que no se maneja debidamente durante la interacci\u00f3n entre la resoluci\u00f3n de la direccionalidad y el dise\u00f1o."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\" target=\"_blank\">CWE-416: Use After Free</a>", "id": "CVE-2014-1567", "lastModified": "2024-11-21T02:04:37.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-03T10:55:06.760", "references": [{"source": "[email protected]", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"}, {"source": "[email protected]", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html"}, {"source": "[email protected]", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html"}, {"source": "[email protected]", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html"}, {"source": "[email protected]", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"source": "[email protected]", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"source": "[email protected]", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/60148"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/60186"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/61114"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/61390"}, {"source": "[email protected]", "url": "http://www.debian.org/security/2014/dsa-3018"}, {"source": "[email protected]", "url": "http://www.debian.org/security/2014/dsa-3028"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html"}, {"source": "[email protected]", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/69520"}, {"source": "[email protected]", "url": "http://www.securitytracker.com/id/1030793"}, {"source": "[email protected]", "url": "http://www.securitytracker.com/id/1030794"}, {"source": "[email protected]", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641"}, {"source": "[email protected]", "url": "https://security.gentoo.org/glsa/201504-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60186"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030793"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201504-01"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.", "affected_release": [{"advisory": "RHSA-2014:1144", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:24.8.0-2.el5_10", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-09-03T00:00:00Z"}, {"advisory": "RHSA-2014:1145", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:24.8.0-1.el5_10", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-09-03T00:00:00Z"}, {"advisory": "RHSA-2014:1144", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:24.8.0-1.el6_5", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-09-03T00:00:00Z"}, {"advisory": "RHSA-2014:1145", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:24.8.0-1.el6_5", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-09-03T00:00:00Z"}, {"advisory": "RHSA-2014:1144", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:24.8.0-1.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-09-03T00:00:00Z"}, {"advisory": "RHSA-2014:1144", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xulrunner-0:24.8.0-1.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-09-03T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Use-after-free setting text directionality (MFSA 2014-72)", "id": "1135869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1135869"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-416", "details": ["Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."], "name": "CVE-2014-1567", "public_date": "2014-09-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-1567\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1567\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-72.html"], "threat_severity": "Critical"}