Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8637

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-8637
Last Modified 17 Mar 2015 10:03:03
Published 14 Jan 2015 06:59:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8637

Summary

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

Vulnerable Systems

Application

  • Mozilla Firefox 34.0.5

  • Mozilla Seamonkey 2.31


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=1094536

CONFIRM - http://www.mozilla.org/security/announce/2014/mfsa2015-02.html

SECTRACK - 1031533

SECUNIA - 62250

SECUNIA - 62242

SECUNIA - 62790

SECUNIA - 62446

SUSE - openSUSE-SU-2015:0192

SUSE - openSUSE-SU-2015:0077

SUSE - SUSE-SU-2015:0180

SUSE - SUSE-SU-2015:0173

SUSE - SUSE-SU-2015:0171

Related Patches

Mozilla Firefox 35.0 for Mac OS X (See Notes)


Last Updated: 27 May 2016 10:55:48