fkie_nvd - fkie_cve-2014-1581

FKIE_CVE-2014-1581

Vulnerability from fkie_nvd - Published: 2014-10-15 10:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

References

URL	Tags
security@mozilla.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html
security@mozilla.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2014-1635.html
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2014-1647.html
security@mozilla.org	http://secunia.com/advisories/61387
security@mozilla.org	http://secunia.com/advisories/61854
security@mozilla.org	http://secunia.com/advisories/62021
security@mozilla.org	http://secunia.com/advisories/62022
security@mozilla.org	http://secunia.com/advisories/62023
security@mozilla.org	http://www.debian.org/security/2014/dsa-3050
security@mozilla.org	http://www.debian.org/security/2014/dsa-3061
security@mozilla.org	http://www.mozilla.org/security/announce/2014/mfsa2014-79.html	Vendor Advisory
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
security@mozilla.org	http://www.securityfocus.com/bid/70426
security@mozilla.org	http://www.securitytracker.com/id/1031028
security@mozilla.org	http://www.securitytracker.com/id/1031030
security@mozilla.org	http://www.ubuntu.com/usn/USN-2372-1
security@mozilla.org	http://www.ubuntu.com/usn/USN-2373-1
security@mozilla.org	https://advisories.mageia.org/MGASA-2014-0421.html
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1068218
security@mozilla.org	https://security.gentoo.org/glsa/201504-01
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1635.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-1647.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61387
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61854
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62021
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62022
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62023
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3050
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3061
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2014/mfsa2014-79.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/70426
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031028
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031030
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2372-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2373-1
af854a3a-2127-422b-91ae-364da2661108	https://advisories.mageia.org/MGASA-2014-0421.html
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1068218
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201504-01

Impacted products

Vendor	Product	Version
mozilla	thunderbird	31.0
mozilla	thunderbird	31.1.0
mozilla	firefox	31.0
mozilla	firefox	31.1.0
mozilla	firefox	*
mozilla	firefox	30.0
mozilla	firefox	31.0
mozilla	firefox	31.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "707DE052-DE3E-4FC3-994C-52FF7B5373C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:31.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "547FD734-8E0C-452A-AB2E-5F7307B42CEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A0B769-5287-4E95-874B-F1D7FC41C7AF",
              "versionEndIncluding": "32.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38EBC9E7-46AD-4DCD-AA7B-5071F55E3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en DirectionalityUtils.cpp en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de texto que se maneja indebidamente durante la interacci\u00f3n entre la resoluci\u00f3n de direccionalidad y dise\u00f1o."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
  "id": "CVE-2014-1581",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-15T10:55:06.847",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/61387"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/61854"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62021"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62022"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62023"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2014/dsa-3050"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2014/dsa-3061"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-79.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/bid/70426"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1031028"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1031030"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2372-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2373-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://advisories.mageia.org/MGASA-2014-0421.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1068218"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-79.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2372-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2373-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://advisories.mageia.org/MGASA-2014-0421.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1068218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-1581 (GCVE-0-2014-1581)

Vulnerability from cvelistv5 – Published: 2014-10-15 10:00 – Updated: 2024-08-06 09:42

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	http://secunia.com/advisories/62021	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.securitytracker.com/id/1031028	vdb-entryx_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2373-1	vendor-advisoryx_refsource_UBUNTU
	https://advisories.mageia.org/MGASA-2014-0421.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201504-01	vendor-advisoryx_refsource_GENTOO
	https://bugzilla.mozilla.org/show_bug.cgi?id=1068218	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2014-1635.html	vendor-advisoryx_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://rhn.redhat.com/errata/RHSA-2014-1647.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/61387	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-2372-1	vendor-advisoryx_refsource_UBUNTU
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/62022	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/70426	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securitytracker.com/id/1031030	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/62023	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2014-1…	vendor-advisoryx_refsource_SUSE
	http://www.mozilla.org/security/announce/2014/mfs…	x_refsource_CONFIRM
	http://www.debian.org/security/2014/dsa-3050	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/61854	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2014/dsa-3061	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:42:36.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "62021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62021"
          },
          {
            "name": "openSUSE-SU-2015:0138",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
          },
          {
            "name": "openSUSE-SU-2014:1344",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
          },
          {
            "name": "openSUSE-SU-2014:1346",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
          },
          {
            "name": "FEDORA-2014-13042",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
          },
          {
            "name": "1031028",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031028"
          },
          {
            "name": "openSUSE-SU-2014:1345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
          },
          {
            "name": "USN-2373-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2373-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://advisories.mageia.org/MGASA-2014-0421.html"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1068218"
          },
          {
            "name": "RHSA-2014:1635",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
          },
          {
            "name": "FEDORA-2014-14084",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
          },
          {
            "name": "RHSA-2014:1647",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
          },
          {
            "name": "61387",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61387"
          },
          {
            "name": "USN-2372-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2372-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "62022",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62022"
          },
          {
            "name": "70426",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70426"
          },
          {
            "name": "openSUSE-SU-2015:1266",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
          },
          {
            "name": "1031030",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031030"
          },
          {
            "name": "62023",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62023"
          },
          {
            "name": "openSUSE-SU-2014:1343",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-79.html"
          },
          {
            "name": "DSA-3050",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3050"
          },
          {
            "name": "61854",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61854"
          },
          {
            "name": "DSA-3061",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3061"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T18:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "62021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62021"
        },
        {
          "name": "openSUSE-SU-2015:0138",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
        },
        {
          "name": "openSUSE-SU-2014:1344",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
        },
        {
          "name": "openSUSE-SU-2014:1346",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
        },
        {
          "name": "FEDORA-2014-13042",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
        },
        {
          "name": "1031028",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031028"
        },
        {
          "name": "openSUSE-SU-2014:1345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
        },
        {
          "name": "USN-2373-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2373-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://advisories.mageia.org/MGASA-2014-0421.html"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1068218"
        },
        {
          "name": "RHSA-2014:1635",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
        },
        {
          "name": "FEDORA-2014-14084",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
        },
        {
          "name": "RHSA-2014:1647",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
        },
        {
          "name": "61387",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61387"
        },
        {
          "name": "USN-2372-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2372-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "62022",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62022"
        },
        {
          "name": "70426",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70426"
        },
        {
          "name": "openSUSE-SU-2015:1266",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
        },
        {
          "name": "1031030",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031030"
        },
        {
          "name": "62023",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62023"
        },
        {
          "name": "openSUSE-SU-2014:1343",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-79.html"
        },
        {
          "name": "DSA-3050",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3050"
        },
        {
          "name": "61854",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61854"
        },
        {
          "name": "DSA-3061",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3061"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-1581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "62021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62021"
            },
            {
              "name": "openSUSE-SU-2015:0138",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
            },
            {
              "name": "openSUSE-SU-2014:1344",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
            },
            {
              "name": "openSUSE-SU-2014:1346",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
            },
            {
              "name": "FEDORA-2014-13042",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
            },
            {
              "name": "1031028",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031028"
            },
            {
              "name": "openSUSE-SU-2014:1345",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
            },
            {
              "name": "USN-2373-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2373-1"
            },
            {
              "name": "https://advisories.mageia.org/MGASA-2014-0421.html",
              "refsource": "CONFIRM",
              "url": "https://advisories.mageia.org/MGASA-2014-0421.html"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1068218",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1068218"
            },
            {
              "name": "RHSA-2014:1635",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
            },
            {
              "name": "FEDORA-2014-14084",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
            },
            {
              "name": "RHSA-2014:1647",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
            },
            {
              "name": "61387",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61387"
            },
            {
              "name": "USN-2372-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2372-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "62022",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62022"
            },
            {
              "name": "70426",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70426"
            },
            {
              "name": "openSUSE-SU-2015:1266",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
            },
            {
              "name": "1031030",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031030"
            },
            {
              "name": "62023",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62023"
            },
            {
              "name": "openSUSE-SU-2014:1343",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-79.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-79.html"
            },
            {
              "name": "DSA-3050",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3050"
            },
            {
              "name": "61854",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61854"
            },
            {
              "name": "DSA-3061",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3061"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2014-1581",
    "datePublished": "2014-10-15T10:00:00",
    "dateReserved": "2014-01-16T00:00:00",
    "dateUpdated": "2024-08-06T09:42:36.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2014-1581

CVE-2014-1581 (GCVE-0-2014-1581)

Tags

Sightings

Nomenclature