FKIE_CVE-2014-1567
Vulnerability from fkie_nvd - Published: 2014-09-03 10:55 - Updated: 2025-11-25 17:50
Severity ?
Summary
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox | 30.0 | |
| mozilla | firefox | 31.0 | |
| mozilla | firefox | 24.0 | |
| mozilla | firefox | 24.0.1 | |
| mozilla | firefox | 24.0.2 | |
| mozilla | firefox | 24.1.0 | |
| mozilla | firefox | 24.1.1 | |
| mozilla | firefox | 31.0 | |
| mozilla | firefox_esr | 24.2 | |
| mozilla | firefox_esr | 24.3 | |
| mozilla | firefox_esr | 24.4 | |
| mozilla | firefox_esr | 24.5 | |
| mozilla | firefox_esr | 24.6 | |
| mozilla | firefox_esr | 24.7 | |
| mozilla | thunderbird | 24.0 | |
| mozilla | thunderbird | 24.0.1 | |
| mozilla | thunderbird | 24.1 | |
| mozilla | thunderbird | 24.1.1 | |
| mozilla | thunderbird | 24.2 | |
| mozilla | thunderbird | 24.3 | |
| mozilla | thunderbird | 24.4 | |
| mozilla | thunderbird | 24.5 | |
| mozilla | thunderbird | 24.6 | |
| mozilla | thunderbird | 24.7 | |
| mozilla | thunderbird | 31.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8AEBE9-C88E-47F0-8ACC-18DADFD571A0",
"versionEndIncluding": "31.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38EBC9E7-46AD-4DCD-AA7B-5071F55E3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18E772D1-DD0F-4F04-8BB4-9550F3C601E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:24.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B31FDE6-3EA6-4946-9A76-605F3C561C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:24.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46964729-D50D-4F17-A2F9-584A25E6F8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:24.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "050A0328-B07A-4CC7-B42E-A034F3140032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:24.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "732CC40B-BCBA-436B-956F-52BE28D9B79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A237D8D8-5656-4537-AD08-30CB8B4DAD63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "04B61AC7-E951-407F-A62E-490F9FEDE9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F70319-C8E4-4F54-9449-B0C3A59BF7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9CAD5F3B-54D7-425B-89D2-A3A86DE31BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.6:*:*:*:*:*:*:*",
"matchCriteriaId": "44D4B068-3456-4748-94BE-ACBA6A026570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:24.7:*:*:*:*:*:*:*",
"matchCriteriaId": "31A0674F-9FAA-4493-A7DD-BC084C4E1E6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCAFDF1-10BB-4AB0-9C9D-E99DDBA901BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31EE89B8-705F-4A05-9015-3D6E81D394E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E30AE3D4-6A3E-435E-BDBF-1A9A17297433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C705A0-62C0-485A-A077-C7DD426F80B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66C802A7-E4D5-4D2D-9CE8-749A75DF7461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A57FA-AC27-4288-8E42-97DECF3B993C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1D474B11-98D0-41A3-A98B-CFB6955264AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD940E-9EF0-460B-A721-E70C719F2244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*",
"matchCriteriaId": "063FC215-D9D2-40D0-A8A5-6289890EF9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:24.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79E7E9DF-322E-474F-9204-E7189929490B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "707DE052-DE3E-4FC3-994C-52FF7B5373C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en DirectionalityUtils.cpp en Mozilla Firefox anterior a 32.0, Firefox ESR 24.x anterior a 24.8 y 31.x anterior a 31.1 y Thunderbird 24.x anterior a 24.8 y 31.x anterior a 31.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de texto que no se maneja debidamente durante la interacci\u00f3n entre la resoluci\u00f3n de la direccionalidad y el dise\u00f1o."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\" target=\"_blank\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2014-1567",
"lastModified": "2025-11-25T17:50:16.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-03T10:55:06.760",
"references": [
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/60148"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/60186"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/61114"
},
{
"source": "security@mozilla.org",
"url": "http://secunia.com/advisories/61390"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-3018"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2014/dsa-3028"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/69520"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1030793"
},
{
"source": "security@mozilla.org",
"url": "http://www.securitytracker.com/id/1030794"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641"
},
{
"source": "security@mozilla.org",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-72.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1037641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201504-01"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…