Published: 03/09/2014 Updated: 07/01/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox prior to 32.0, Firefox ESR 31.x prior to 31.1, and Thunderbird 31.x prior to 31.1 does not properly create audio timelines, which allows remote malicious users to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 30.0
mozilla firefox
mozilla firefox 31.0
mozilla firefox esr 31.0
mozilla thunderbird 31.0

Several security issues were fixed in Thunderbird ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2014-70 Out-of-bounds read in Web Audio audio timeline Announced September 2, 2014 Reporter Holger Fuhrmannek Impact Moderate Products Firefox, Firefox ESR, SeaMonkey, Thunderbird F ...

The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 320, Firefox ESR 31x before 311, and Thunderbird 31x before 311 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) ...

CWE-119 http://www.mozilla.org/security/announce/2014/mfsa2014-70.html https://bugzilla.mozilla.org/show_bug.cgi?id=1047831 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://security.gentoo.org/glsa/201504-01 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.securitytracker.com/id/1030794 http://www.securitytracker.com/id/1030793 http://www.securityfocus.com/bid/69521 http://secunia.com/advisories/61114 http://secunia.com/advisories/60148 https://nvd.nist.gov https://usn.ubuntu.com/2330-1/https://access.redhat.com/security/cve/cve-2014-1565

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1565

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect