CVE-2014-8641

Published: 14/01/2015 Updated: 08/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox prior to 35.0, Firefox ESR 31.x prior to 31.4, and SeaMonkey prior to 2.32 allows remote malicious users to execute arbitrary code via crafted track data.

Vulnerable Product

mozilla seamonkey

mozilla firefox esr 31.2

mozilla firefox esr 31.1.1

mozilla firefox esr 31.3.0

mozilla firefox esr 31.1.0

mozilla firefox esr 31.0

mozilla firefox

Vendor Advisories

Synopsis: Critical: firefox security and bug fix update. Type/Severity: Security Advisory: Critical. Topic: Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security im ...
USN-2458-1 introduced a regression in Firefox ...
This update provides compatible packages for Firefox 35 ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Mozilla Foundation Security Advisory 2015-06: Read-after-free in WebRTC. Announced: January 13, 2015. Reporter: Mitchell Harper. Impact: Critical. Products: Firefox, Firefox ESR, Firefox OS, SeaMonkey. Fixed in ...
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data ...

Recent Articles

Firefox 35 stamps out critical bugs
The Register • Darren Pauli • 19 Jan 2015

Nine flaws scrubbed out

Mozilla has crushed nine bugs, some rather dangerous, in the latest version of its flagship browser. The fixes include a patch for a critical sandbox escape (CVE-2014-8643) in the Gecko Media Plugin used for h.264 video playback affecting Windows machines (but not OS X or Linux). Another critical hole addressed a read-after-free flaw (CVE-2014-8641) in WebRTC that affected Firefox and SeaMonkey and pertains to the way tracks are handled, leading to an exploitable crash or incorrect behaviour. A ...