Published: 14/01/2015 Updated: 08/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox prior to 35.0, Firefox ESR 31.x prior to 31.4, Thunderbird prior to 31.4, and SeaMonkey prior to 2.32 allow remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox esr 31.0
mozilla firefox esr 31.3.0
mozilla firefox esr 31.2
mozilla firefox esr 31.1.1
mozilla firefox esr 31.1.0
mozilla firefox
mozilla seamonkey
mozilla thunderbird

Synopsis Critical: firefox security and bug fix update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix multiple security issues and one bug arenow available for Red Hat Enterprise Linux 5, 6, and 7Red Hat Product Security has rated this update as having Critical securityim ...

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An updated thunderbird package that fixes three security issues is nowavailable for Red Hat Enterprise Linux 5 and 6Red Hat Product Security has rated this update as having Important securityimpact Common Vuln ...

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service For the stable distribution (wheezy), these problems have been fixed in version 3140-1~d ...

Several security issues were fixed in Thunderbird ...

USN-2458-1 introduced a regression in Firefox ...

This update provides compatible packages for Firefox 35 ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2015-01 Miscellaneous memory safety hazards (rv:350 / rv:314) Announced January 13, 2015 Reporter Mozilla Developers Impact Critical Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, ...

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 350, Firefox ESR 31x before 314, Thunderbird before 314, and SeaMonkey before 232 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors ...

Firefox 35 stamps out critical bugs

The Register • Darren Pauli • 19 Jan 2015

Nine flaws scrubbed out

Mozilla has crushed nine bugs, some rather dangerous, in the latest version of its flagship browser. The fixes include a patch for a critical sandbox escape (CVE-2014-8643) in the Gecko Media Plugin used for h.264 video playback affecting Windows machines (but not OS X or Linux). Another critical hole addressed a read-after-free flaw (CVE-2014-8641) in WebRTC that affected Firefox and SeaMonkey and pertains to the way tracks are handled, leading to an exploitable crash or incorrect behaviour. A ...

NVD-CWE-noinfo https://bugzilla.mozilla.org/show_bug.cgi?id=1109889 https://bugzilla.mozilla.org/show_bug.cgi?id=1111737 http://www.mozilla.org/security/announce/2014/mfsa2015-01.html http://secunia.com/advisories/62242 http://secunia.com/advisories/62250 http://www.securitytracker.com/id/1031533 http://secunia.com/advisories/62237 http://www.securityfocus.com/bid/72049 http://secunia.com/advisories/62446 http://secunia.com/advisories/62790 http://secunia.com/advisories/62657 http://www.debian.org/security/2015/dsa-3127 http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html http://rhn.redhat.com/errata/RHSA-2015-0046.html http://www.debian.org/security/2015/dsa-3132 http://www.ubuntu.com/usn/USN-2460-1 http://rhn.redhat.com/errata/RHSA-2015-0047.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://security.gentoo.org/glsa/201504-01 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.securitytracker.com/id/1031534 http://secunia.com/advisories/62418 http://secunia.com/advisories/62316 http://secunia.com/advisories/62315 http://secunia.com/advisories/62313 http://secunia.com/advisories/62304 http://secunia.com/advisories/62293 http://secunia.com/advisories/62283 http://secunia.com/advisories/62274 http://secunia.com/advisories/62273 http://secunia.com/advisories/62259 http://secunia.com/advisories/62253 http://linux.oracle.com/errata/ELSA-2015-0047.html http://linux.oracle.com/errata/ELSA-2015-0046.html https://exchange.xforce.ibmcloud.com/vulnerabilities/99955 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2015:0046 https://usn.ubuntu.com/2460-1/https://access.redhat.com/security/cve/cve-2014-8634 https://www.debian.org/security/./dsa-3132

CVE-2014-8634

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect