ID CVE-2014-1567
Summary Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.
References
Vulnerable Configurations
  • Mozilla Firefox 31.1.0
    cpe:2.3:a:mozilla:firefox:31.1.0
  • Mozilla Firefox 31.0
    cpe:2.3:a:mozilla:firefox:31.0
  • Mozilla Firefox 30.0
    cpe:2.3:a:mozilla:firefox:30.0
  • Mozilla Firefox Extended Support Release (ESR) 31.0
    cpe:2.3:a:mozilla:firefox_esr:31.0
  • Mozilla Firefox Extended Support Release (ESR) 24.0
    cpe:2.3:a:mozilla:firefox_esr:24.0
  • Mozilla Firefox Extended Support Release (ESR) 24.0.1
    cpe:2.3:a:mozilla:firefox_esr:24.0.1
  • Mozilla Firefox Extended Support Release (ESR) 24.0.2
    cpe:2.3:a:mozilla:firefox_esr:24.0.2
  • Mozilla Firefox Extended Support Release (ESR) 24.1.0
    cpe:2.3:a:mozilla:firefox_esr:24.1.0
  • Mozilla Firefox Extended Support Release (ESR) 24.1.1
    cpe:2.3:a:mozilla:firefox_esr:24.1.1
  • Mozilla Firefox Extended Support Release (ESR) 24.2
    cpe:2.3:a:mozilla:firefox_esr:24.2
  • Mozilla Firefox Extended Support Release (ESR) 24.3
    cpe:2.3:a:mozilla:firefox_esr:24.3
  • Mozilla Firefox Extended Support Release (ESR) 24.4
    cpe:2.3:a:mozilla:firefox_esr:24.4
  • Mozilla Firefox Extended Support Release (ESR) 24.5
    cpe:2.3:a:mozilla:firefox_esr:24.5
  • Mozilla Firefox Extended Support Release (ESR) 24.6
    cpe:2.3:a:mozilla:firefox_esr:24.6
  • Mozilla Firefox Extended Support Release (ESR) 24.7
    cpe:2.3:a:mozilla:firefox_esr:24.7
  • Mozilla Thunderbird 31.0
    cpe:2.3:a:mozilla:thunderbird:31.0
  • Mozilla Thunderbird 24.0
    cpe:2.3:a:mozilla:thunderbird:24.0
  • Mozilla Thunderbird 24.0.1
    cpe:2.3:a:mozilla:thunderbird:24.0.1
  • Mozilla Thunderbird 24.1
    cpe:2.3:a:mozilla:thunderbird:24.1
  • Mozilla Thunderbird 24.1.1
    cpe:2.3:a:mozilla:thunderbird:24.1.1
  • Mozilla Thunderbird 24.2
    cpe:2.3:a:mozilla:thunderbird:24.2
  • Mozilla Thunderbird 24.3
    cpe:2.3:a:mozilla:thunderbird:24.3
  • Mozilla Thunderbird 24.4
    cpe:2.3:a:mozilla:thunderbird:24.4
  • Mozilla Thunderbird 24.5
    cpe:2.3:a:mozilla:thunderbird:24.5
  • Mozilla Thunderbird 24.6
    cpe:2.3:a:mozilla:thunderbird:24.6
  • Mozilla Thunderbird 24.7
    cpe:2.3:a:mozilla:thunderbird:24.7
CVSS
Base: 9.3 (as of 03-09-2014 - 11:43)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_31_1.NASL
    description The version of Thunderbird installed on the remote host is a version prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-08-08
    plugin id 77502
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77502
    title Mozilla Thunderbird < 31.1 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_24_8.NASL
    description The version of Thunderbird 24.x installed on the remote host is a version prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1562) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-08-08
    plugin id 77501
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77501
    title Mozilla Thunderbird 24.x < 24.8 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2329-1.NASL
    description Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang and David Weir discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1563) Michal Zalewski discovered that memory is not initialized properly during GIF rendering in some circumstances. If a user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to steal confidential information. (CVE-2014-1564) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or steal confidential information. (CVE-2014-1565) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1567). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77486
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77486
    title Ubuntu 12.04 LTS / 14.04 LTS : firefox vulnerabilities (USN-2329-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140903_FIREFOX_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1562, CVE-2014-1567) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 77551
    published 2014-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77551
    title Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_32.NASL
    description The version of Firefox installed on the remote Mac OS X host is a version prior to 32.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-08-08
    plugin id 77495
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77495
    title Firefox < 32.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_31_1_ESR.NASL
    description The version of Firefox ESR 31.x installed on the remote host is prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-08-08
    plugin id 77499
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77499
    title Firefox ESR 31.x < 31.1 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-531.NASL
    description MozillaThunderbird was updated to Thunderbird 31.1.0 (bnc#894370), fixinfg security issues : - MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards - MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG - MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering - MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline - MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality - update to Thunderbird 31.0 - based on Gecko 31 - Autocompleting email addresses now matches against any part of the name or email - Composing a mail to a newsgroup will now autocomplete newsgroup names - Insecure NTLM (pre-NTLMv2) authentication disabled
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77619
    published 2014-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77619
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1098-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_31_1_ESR.NASL
    description The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-08-08
    plugin id 77494
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77494
    title Firefox ESR 31.x < 31.1 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_32.NASL
    description The version of Firefox installed on the remote host is a version prior to 32.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 77500
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77500
    title Firefox < 32.0 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3028.NASL
    description Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77752
    published 2014-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77752
    title Debian DSA-3028-1 : icedove - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-530.NASL
    description Mozilla Firefox was updated to Firefox 32 fixing security issues and bugs. Security issues fixed: MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. MFSA 2014-70 / CVE-2014-1565: Security researcher Holger Fuhrmannek discovered an out-of-bounds read during the creation of an audio timeline in Web Audio. This results in a crash and could allow for the reading of random memory values. MFSA 2014-69 / CVE-2014-1564: Google security researcher Michal Zalewski discovered that when a malformated GIF image is rendered in certain circumstances, memory is not properly initialized before use. The resulting image then uses this memory during rendering. This could allow for the a script in web content to access this uninitialized memory using the feature. MFSA 2014-68 / CVE-2014-1563: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free during cycle collection. This was found in interactions with the SVG content through the document object model (DOM) with animating SVG content. This leads to a potentially exploitable crash. MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) Christian Holler, Jan de Mooij, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, and JW Wang reported memory safety problems and crashes that affect Firefox ESR 31 and Firefox 31. (CVE-2014-1553) Gary Kwong, Christian Holler, and David Weir reported memory safety problems and crashes that affect Firefox 31. (CVE-2014-1554) Mozilla NSS was updated to 3.16.4: Notable Changes : - The following 1024-bit root CA certificate was restored to allow more time to develop a better transition strategy for affected sites. It was removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy forum led to the decision to keep this root included longer in order to give website administrators more time to update their web servers. - CN = GTE CyberTrust Global Root - In NSS 3.16.3, the 1024-bit 'Entrust.net Secure Server Certification Authority' root CA certificate was removed. In NSS 3.16.4, a 2048-bit intermediate CA certificate has been included, without explicit trust. The intention is to mitigate the effects of the previous removal of the 1024-bit Entrust.net root certificate, because many public Internet sites still use the 'USERTrust Legacy Secure Server CA' intermediate certificate that is signed by the 1024-bit Entrust.net root certificate. The inclusion of the intermediate certificate is a temporary measure to allow those sites to function, by allowing them to find a trust path to another 2048-bit root CA certificate. The temporarily included intermediate certificate expires November 1, 2015.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77618
    published 2014-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77618
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1099-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_31_1.NASL
    description The version of Thunderbird installed on the remote Mac OS X host is a version prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1553, CVE-2014-1562) - A use-after-free vulnerability exists due to improper cycle collection when processing animated SVG content. A remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-1563) - Memory is not properly initialized during GIF rendering. Using a specially crafted web script, a remote attacker can exploit this to acquire sensitive information from the process memory. (CVE-2014-1564) - The Web Audio API contains a flaw where audio timelines are properly created. Using specially crafted API calls, a remote attacker can exploit this to acquire sensitive information from the process memory or cause a denial of service. (CVE-2014-1565) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-08-08
    plugin id 77497
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77497
    title Mozilla Thunderbird < 31.1 Multiple Vulnerabilities (Mac OS X)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2330-1.NASL
    description Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1553, CVE-2014-1562) Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1563) Michal Zalewski discovered that memory is not initialized properly during GIF rendering in some circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to steal confidential information. (CVE-2014-1564) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or steal confidential information. (CVE-2014-1565) A use-after-free was discovered during text layout in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1567). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77664
    published 2014-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77664
    title Ubuntu 12.04 LTS / 14.04 LTS : thunderbird vulnerabilities (USN-2330-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3018.NASL
    description Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77511
    published 2014-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77511
    title Debian DSA-3018-1 : iceweasel - security update
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1145.NASL
    description From Red Hat Security Advisory 2014:1145 : An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.8.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.8.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 77514
    published 2014-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77514
    title Oracle Linux 6 : thunderbird (ELSA-2014-1145)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1145.NASL
    description An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.8.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.8.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 77520
    published 2014-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77520
    title RHEL 5 / 6 : thunderbird (RHSA-2014:1145)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FIREFOX-201409-140903.NASL
    description Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream : - Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. (MFSA 2014-72 / CVE-2014-1567) - Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2014-67) - Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) More information is referenced on: https://www.mozilla.org/security/announce/ .
    last seen 2019-02-21
    modified 2014-10-03
    plugin id 77599
    published 2014-09-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77599
    title SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9687)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1144.NASL
    description From Red Hat Security Advisory 2014:1144 : Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.8.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.8.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 77513
    published 2014-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77513
    title Oracle Linux 5 / 6 / 7 : firefox (ELSA-2014-1144)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_24_8_ESR.NASL
    description The version of Firefox ESR 24.x installed on the remote host is prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1562) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-08-08
    plugin id 77498
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77498
    title Firefox ESR 24.x < 24.8 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140903_THUNDERBIRD_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1562, CVE-2014-1567) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 77554
    published 2014-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77554
    title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1144.NASL
    description Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.8.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.8.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77519
    published 2014-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77519
    title RHEL 5 / 6 / 7 : firefox (RHSA-2014:1144)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_24_8_ESR.NASL
    description The version of Firefox ESR 24.x installed on the remote host is prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1562) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-08-08
    plugin id 77493
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77493
    title Firefox ESR 24.x < 24.8 Multiple Vulnerabilities (Mac OS X)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1144.NASL
    description Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.8.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.8.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77505
    published 2014-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77505
    title CentOS 5 / 6 / 7 : firefox / xulrunner (CESA-2014:1144)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_24_8.NASL
    description The version of Thunderbird 24.x installed on the remote Mac OS X host is a version prior to 24.8. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code. (CVE-2014-1562) - A use-after-free vulnerability exists due to improper handling of text layout in directionality resolution. A remote attacker can exploit this to execute arbitrary code. (CVE-2014-1567)
    last seen 2019-02-21
    modified 2018-08-08
    plugin id 77496
    published 2014-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77496
    title Mozilla Thunderbird 24.x < 24.8 Multiple Vulnerabilities (Mac OS X)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1145.NASL
    description An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1562, CVE-2014-1567) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jan de Mooij as the original reporter of CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.8.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.8.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77506
    published 2014-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77506
    title CentOS 5 / 6 : thunderbird (CESA-2014:1145)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201504-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 82632
    published 2015-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82632
    title GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
redhat via4
advisories
  • bugzilla
    id 1135869
    title CVE-2014-1567 Mozilla: Use-after-free setting text directionality (MFSA 2014-72)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • comment firefox is earlier than 0:24.8.0-2.el5_10
        oval oval:com.redhat.rhsa:tst:20141144002
      • comment firefox is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070097009
    • AND
      • comment firefox is earlier than 0:24.8.0-1.el6_5
        oval oval:com.redhat.rhsa:tst:20141144008
      • comment firefox is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100861010
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment firefox is earlier than 0:24.8.0-1.el7_0
            oval oval:com.redhat.rhsa:tst:20141144014
          • comment firefox is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861010
        • AND
          • comment xulrunner is earlier than 0:24.8.0-1.el7_0
            oval oval:com.redhat.rhsa:tst:20141144015
          • comment xulrunner is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861006
        • AND
          • comment xulrunner-devel is earlier than 0:24.8.0-1.el7_0
            oval oval:com.redhat.rhsa:tst:20141144017
          • comment xulrunner-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861008
    rhsa
    id RHSA-2014:1144
    released 2014-09-03
    severity Critical
    title RHSA-2014:1144: firefox security update (Critical)
  • bugzilla
    id 1135869
    title CVE-2014-1567 Mozilla: Use-after-free setting text directionality (MFSA 2014-72)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • comment thunderbird is earlier than 0:24.8.0-1.el5_10
        oval oval:com.redhat.rhsa:tst:20141145002
      • comment thunderbird is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070108003
    • AND
      • comment thunderbird is earlier than 0:24.8.0-1.el6_5
        oval oval:com.redhat.rhsa:tst:20141145008
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896006
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
    rhsa
    id RHSA-2014:1145
    released 2014-09-03
    severity Important
    title RHSA-2014:1145: thunderbird security update (Important)
rpms
  • firefox-0:24.8.0-2.el5_10
  • firefox-0:24.8.0-1.el6_5
  • firefox-0:24.8.0-1.el7_0
  • xulrunner-0:24.8.0-1.el7_0
  • xulrunner-devel-0:24.8.0-1.el7_0
  • thunderbird-0:24.8.0-1.el5_10
  • thunderbird-0:24.8.0-1.el6_5
refmap via4
bid 69520
confirm
debian
  • DSA-3018
  • DSA-3028
gentoo GLSA-201504-01
sectrack
  • 1030793
  • 1030794
secunia
  • 60148
  • 60186
  • 61114
  • 61390
suse
  • SUSE-SU-2014:1107
  • SUSE-SU-2014:1112
  • SUSE-SU-2014:1120
  • openSUSE-SU-2014:1098
  • openSUSE-SU-2014:1099
  • openSUSE-SU-2015:0138
  • openSUSE-SU-2015:1266
Last major update 06-01-2017 - 21:59
Published 03-09-2014 - 06:55
Back to Top