Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8641

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-8641
Last Modified 17 Mar 2015 10:03:08
Published 14 Jan 2015 06:59:09
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8641

Summary

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.

Vulnerable Systems

Application

  • Mozilla Firefox 34.0.5

  • Mozilla Firefox Esr 31.0

  • Mozilla Firefox Esr 31.1.0

  • Mozilla Firefox Esr 31.1.1

  • Mozilla Firefox Esr 31.2

  • Mozilla Firefox Esr 31.3.0

  • Mozilla Seamonkey 2.31


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=1108455

CONFIRM - http://www.mozilla.org/security/announce/2014/mfsa2015-06.html

SECTRACK - 1031533

SECUNIA - 62250

SECUNIA - 62242

SECUNIA - 62237

SECUNIA - 62790

SECUNIA - 62446

DEBIAN - DSA-3127

REDHAT - RHSA-2015:0046

SUSE - openSUSE-SU-2015:0192

SUSE - openSUSE-SU-2015:0077

SUSE - SUSE-SU-2015:0180

SUSE - SUSE-SU-2015:0173

SUSE - SUSE-SU-2015:0171

Related Patches

Mozilla Firefox 35.0 for Mac OS X (See Notes)

Mozilla Firefox 31.4.0 ESR for Mac OS X (See Notes)

Red Hat 2015:0046-01 RHSA Critical: firefox security and bug fix update for RHEL 5 x86

Red Hat 2015:0046-01 RHSA Critical: firefox security and bug fix update for RHEL 5 x86_64


Last Updated: 27 May 2016 11:08:06