CVE-2014-1594 - Vulnerability Details

Vendors	Products
Mozilla	Firefox Firefox Esr Seamonkey Thunderbird
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
firefox-0:31.3.0-4.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2014:1919	2014-12-02T00:00:00Z
thunderbird-0:31.3.0-1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2014:1924	2014-12-02T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:31.3.0-3.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1919	2014-12-02T00:00:00Z
thunderbird-0:31.3.0-1.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1924	2014-12-02T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:31.3.0-3.el7_0	cpe:/o:redhat:enterprise_linux:7	RHSA-2014:1919	2014-12-02T00:00:00Z

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://www.debian.org/security/2014/dsa-3090
http://www.debian.org/security/2014/dsa-3092
http://www.mozilla.org/security/announce/2014/mfsa2014-89.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/71396
https://bugzilla.mozilla.org/show_bug.cgi?id=1074280
https://nvd.nist.gov/vuln/detail/CVE-2014-1594
https://security.gentoo.org/glsa/201504-01
https://www.cve.org/CVERecord?id=CVE-2014-1594

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-02T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "openSUSE-SU-2015:0138", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"name": "GLSA-201504-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201504-01"}, {"name": "71396", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71396"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3090", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3090"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "DSA-3092", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3092"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1594", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2015:0138", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01"}, {"name": "71396", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71396"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3090", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3090"}, {"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"name": "openSUSE-SU-2015:1266", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "DSA-3092", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3092"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:50:09.592Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2015:0138", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"name": "GLSA-201504-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201504-01"}, {"name": "71396", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71396"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3090", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3090"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "DSA-3092", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3092"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1594", "datePublished": "2014-12-11T11:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:50:09.592Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-12-02T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-22T18:57:01 (string)

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

}

references : [ »

0 : { »

name : openSUSE-SU-2015:0138 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html (string)

}

1 : { »

name : GLSA-201504-01 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201504-01 (string)

}

2 : { »

name : 71396 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/71396 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1074280 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

5 : { »

name : DSA-3090 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2014/dsa-3090 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.mozilla.org/security/announce/2014/mfsa2014-89.html (string)

}

7 : { »

name : openSUSE-SU-2015:1266 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

8 : { »

name : DSA-3092 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2014/dsa-3092 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@mozilla.org (string)

ID : CVE-2014-1594 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : openSUSE-SU-2015:0138 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html (string)

}

1 : { »

name : GLSA-201504-01 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201504-01 (string)

}

2 : { »

name : 71396 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/71396 (string)

}

3 : { »

name : https://bugzilla.mozilla.org/show_bug.cgi?id=1074280 (string)

refsource : CONFIRM (string)

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1074280 (string)

}

4 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

5 : { »

name : DSA-3090 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2014/dsa-3090 (string)

}

6 : { »

name : http://www.mozilla.org/security/announce/2014/mfsa2014-89.html (string)

refsource : CONFIRM (string)

url : http://www.mozilla.org/security/announce/2014/mfsa2014-89.html (string)

}

7 : { »

name : openSUSE-SU-2015:1266 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

8 : { »

name : DSA-3092 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2014/dsa-3092 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T09:50:09.592Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : openSUSE-SU-2015:0138 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html (string)

}

1 : { »

name : GLSA-201504-01 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201504-01 (string)

}

2 : { »

name : 71396 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/71396 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1074280 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

5 : { »

name : DSA-3090 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2014/dsa-3090 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.mozilla.org/security/announce/2014/mfsa2014-89.html (string)

}

7 : { »

name : openSUSE-SU-2015:1266 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

8 : { »

name : DSA-3092 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2014/dsa-3092 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

assignerShortName : mozilla (string)

cveId : CVE-2014-1594 (string)

datePublished : 2014-12-11T11:00:00 (string)

dateReserved : 2014-01-16T00:00:00 (string)

dateUpdated : 2024-08-06T09:50:09.592Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A24FFC6-737A-4EA6-88EB-5A80DC2DC8D6", "versionEndIncluding": "33.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "89291AB2-7450-4679-BD46-DC6D6D9D0F46", "versionEndIncluding": "31.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCC88E6A-FFED-4C78-8FC4-7914235282BC", "versionEndIncluding": "2.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "9806D62C-E276-47AB-8675-8A3952D14B21", "versionEndIncluding": "31.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."}, {"lang": "es", "value": "Mozilla Firefox anterior a 34.0, Firefox ESR31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el aprovechamiento de una conversi\u00f3n de datos incorrecta del tipo BasicThebesLayer al tipo BasicContainerLayer."}], "id": "CVE-2014-1594", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-12-11T11:59:08.150", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2014/dsa-3090"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2014/dsa-3092"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/71396"}, {"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201504-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3092"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201504-01"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5A24FFC6-737A-4EA6-88EB-5A80DC2DC8D6 (string)

versionEndIncluding : 33.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 89291AB2-7450-4679-BD46-DC6D6D9D0F46 (string)

versionEndIncluding : 31.2 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BCC88E6A-FFED-4C78-8FC4-7914235282BC (string)

versionEndIncluding : 2.30 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9806D62C-E276-47AB-8675-8A3952D14B21 (string)

versionEndIncluding : 31.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. (string)

}

1 : { »

lang : es (string)

value : Mozilla Firefox anterior a 34.0, Firefox ESR31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 podría permitir a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de una conversión de datos incorrecta del tipo BasicThebesLayer al tipo BasicContainerLayer. (string)

}

]

id : CVE-2014-1594 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2014-12-11T11:59:08.150 (string)

references : [ »

0 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html (string)

}

1 : { »

source : security@mozilla.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

2 : { »

source : security@mozilla.org (string)

url : http://www.debian.org/security/2014/dsa-3090 (string)

}

3 : { »

source : security@mozilla.org (string)

url : http://www.debian.org/security/2014/dsa-3092 (string)

}

4 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.mozilla.org/security/announce/2014/mfsa2014-89.html (string)

}

5 : { »

source : security@mozilla.org (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

6 : { »

source : security@mozilla.org (string)

url : http://www.securityfocus.com/bid/71396 (string)

}

7 : { »

source : security@mozilla.org (string)

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1074280 (string)

}

8 : { »

source : security@mozilla.org (string)

url : https://security.gentoo.org/glsa/201504-01 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2014/dsa-3090 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2014/dsa-3092 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.mozilla.org/security/announce/2014/mfsa2014-89.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/71396 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1074280 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201504-01 (string)

}

]

sourceIdentifier : security@mozilla.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.", "affected_release": [{"advisory": "RHSA-2014:1919", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:31.3.0-4.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-12-02T00:00:00Z"}, {"advisory": "RHSA-2014:1924", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:31.3.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-12-02T00:00:00Z"}, {"advisory": "RHSA-2014:1919", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:31.3.0-3.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-12-02T00:00:00Z"}, {"advisory": "RHSA-2014:1924", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:31.3.0-1.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-12-02T00:00:00Z"}, {"advisory": "RHSA-2014:1919", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:31.3.0-3.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-12-02T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)", "id": "1169210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169210"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-749", "details": ["Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."], "name": "CVE-2014-1594", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-12-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-1594\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1594\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-89.html"], "threat_severity": "Moderate"}

{

acknowledgement : Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2014:1919 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : firefox-0:31.3.0-4.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2014-12-02T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2014:1924 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : thunderbird-0:31.3.0-1.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2014-12-02T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2014:1919 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : firefox-0:31.3.0-3.el6_6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-12-02T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2014:1924 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : thunderbird-0:31.3.0-1.el6_6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-12-02T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2014:1919 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : firefox-0:31.3.0-3.el7_0 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2014-12-02T00:00:00Z (string)

}

]

bugzilla : { »

description : Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89) (string)

id : 1169210 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1169210 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 5.1 (string)

cvss_scoring_vector : AV:N/AC:H/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

cwe : CWE-749 (string)

details : [ »

0 : Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. (string)

]

name : CVE-2014-1594 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Affected (string)

package_name : thunderbird (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

]

public_date : 2014-12-02T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2014-1594 https://nvd.nist.gov/vuln/detail/CVE-2014-1594 http://www.mozilla.org/security/announce/2014/mfsa2014-89.html (string)

]

threat_severity : Moderate (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object