Published: 11/12/2014 Updated: 04/10/2016

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Mozilla Firefox prior to 34.0, Firefox ESR 31.x prior to 31.3, and Thunderbird prior to 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox_esr 31.2
mozilla firefox_esr 31.1.1
mozilla firefox_esr 31.1.0
mozilla firefox_esr 31.0
mozilla thunderbird
mozilla firefox

Mozilla Foundation Security Advisory 2014-90 Apple CoreGraphics framework on OS X 1010 logging input data to /tmp directory Announced December 2, 2014 Reporter Kent Howard Impact High Products Firefox, Firefox ESR, Thunderb ...

CWE-199 https://bugzilla.mozilla.org/show_bug.cgi?id=1092855 http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/http://www.mozilla.org/security/announce/2014/mfsa2014-90.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2014-90/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1595

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect