CVE-2014-1567

Severity

93%

Complexity

86%

Confidentiality

165%

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

CWE-416: Use After Free

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Mozilla

First reported 10 years ago

2014-09-03 10:55:00

Last updated 8 years ago

2017-01-07 02:59:00

Affected Software

Mozilla Firefox 30.0

30.0

Mozilla Firefox 31.0

31.0

Mozilla Firefox

Mozilla Firefox Extended Support Release (ESR) 24.0

24.0

Mozilla Firefox Extended Support Release (ESR) 24.0.1

24.0.1

Mozilla Firefox Extended Support Release (ESR) 24.0.2

24.0.2

Mozilla Firefox Extended Support Release (ESR) 24.1.0

24.1.0

Mozilla Firefox Extended Support Release (ESR) 24.1.1

24.1.1

Mozilla Firefox Extended Support Release (ESR) 24.2

24.2

Mozilla Firefox Extended Support Release (ESR) 24.3

24.3

Mozilla Firefox Extended Support Release (ESR) 24.4

24.4

Mozilla Firefox Extended Support Release (ESR) 24.5

24.5

Mozilla Firefox Extended Support Release (ESR) 24.6

24.6

Mozilla Firefox Extended Support Release (ESR) 24.7

24.7

Mozilla Firefox Extended Support Release (ESR) 31.0

31.0

Mozilla Thunderbird 24.0

24.0

Mozilla Thunderbird 24.0.1

24.0.1

Mozilla Thunderbird 24.1.1

24.1.1

Mozilla Thunderbird 31.0

31.0

References

openSUSE-SU-2014:1098

SUSE-SU-2014:1107

SUSE-SU-2014:1112

SUSE-SU-2014:1120

openSUSE-SU-2015:0138

openSUSE-SU-2015:1266

openSUSE-SU-2014:1099

60148

60186

61114

61390

DSA-3018

DSA-3028

http://www.mozilla.org/security/announce/2014/mfsa2014-72.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

69520

1030793

1030794

https://bugzilla.mozilla.org/show_bug.cgi?id=1037641

GLSA-201504-01

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2014-1567

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

Type

First reported 10 years ago

Last updated 8 years ago

Affected Software

Mozilla Firefox 30.0

Mozilla Firefox 31.0

Mozilla Firefox

Mozilla Firefox Extended Support Release (ESR) 24.0

Mozilla Firefox Extended Support Release (ESR) 24.0.1

Mozilla Firefox Extended Support Release (ESR) 24.0.2

Mozilla Firefox Extended Support Release (ESR) 24.1.0

Mozilla Firefox Extended Support Release (ESR) 24.1.1

Mozilla Firefox Extended Support Release (ESR) 24.2

Mozilla Firefox Extended Support Release (ESR) 24.3

Mozilla Firefox Extended Support Release (ESR) 24.4

Mozilla Firefox Extended Support Release (ESR) 24.5

Mozilla Firefox Extended Support Release (ESR) 24.6

Mozilla Firefox Extended Support Release (ESR) 24.7

Mozilla Firefox Extended Support Release (ESR) 31.0

Mozilla Thunderbird 24.0

Mozilla Thunderbird 24.0.1

Mozilla Thunderbird 24.1.1

Mozilla Thunderbird 31.0

References

openSUSE-SU-2014:1098

SUSE-SU-2014:1107

SUSE-SU-2014:1112

SUSE-SU-2014:1120

openSUSE-SU-2015:0138

openSUSE-SU-2015:1266

openSUSE-SU-2014:1099

60148

60186

61114

61390

DSA-3018

DSA-3028

http://www.mozilla.org/security/announce/2014/mfsa2014-72.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

69520

1030793

1030794

https://bugzilla.mozilla.org/show_bug.cgi?id=1037641

GLSA-201504-01

Stay updated

Get in touch