CVE-2014-8641

Severity

75%

Complexity

99%

Confidentiality

106%

CWE-416: Use After Free

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.

CWE-416: Use After Free

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 10 years ago

2015-01-14 11:59:00

Last updated 7 years ago

2017-09-08 01:29:00

Affected Software

Mozilla SeaMonkey

Mozilla Firefox Extended Support Release (ESR) 31.0

31.0

Mozilla Firefox Extended Support Release (ESR) 31.1.0

31.1.0

Mozilla Firefox Extended Support Release (ESR) 31.1.1

31.1.1

Mozilla Firefox Extended Support Release (ESR) 31.2

31.2

Mozilla Firefox Extended Support Release (ESR) 31.3.0

31.3.0

Mozilla Firefox

References

http://linux.oracle.com/errata/ELSA-2015-0046.html

openSUSE-SU-2015:0077

SUSE-SU-2015:0171

SUSE-SU-2015:0173

SUSE-SU-2015:0180

openSUSE-SU-2015:0192

RHSA-2015:0046

62237

62242

62250

62253

62273

62293

62313

62316

62418

62446

62790

DSA-3127

http://www.mozilla.org/security/announce/2014/mfsa2015-06.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

72044

1031533

https://bugzilla.mozilla.org/show_bug.cgi?id=1108455

firefox-cve20148641-dos(99961)

GLSA-201504-01

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.