CVE-2014-1538
Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Vulnerabilidad de uso después de liberación en la función nsTextEditRules::CreateMozBR en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24.6 y Thunderbird anterior a 24.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados.
Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden and Kyle Huey discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-16 CVE Reserved
- 2014-06-11 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (38)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 29.0.1 Search vendor "Mozilla" for product "Firefox" and version " <= 29.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 24.0 Search vendor "Mozilla" for product "Firefox Esr" and version "24.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 24.0.1 Search vendor "Mozilla" for product "Firefox Esr" and version "24.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 24.0.2 Search vendor "Mozilla" for product "Firefox Esr" and version "24.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 24.1.0 Search vendor "Mozilla" for product "Firefox Esr" and version "24.1.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 24.1.1 Search vendor "Mozilla" for product "Firefox Esr" and version "24.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 24.2 Search vendor "Mozilla" for product "Firefox Esr" and version "24.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 24.3 Search vendor "Mozilla" for product "Firefox Esr" and version "24.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 24.4 Search vendor "Mozilla" for product "Firefox Esr" and version "24.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 24.5 Search vendor "Mozilla" for product "Firefox Esr" and version "24.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | <= 24.5 Search vendor "Mozilla" for product "Thunderbird" and version " <= 24.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 24.0 Search vendor "Mozilla" for product "Thunderbird" and version "24.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 24.0.1 Search vendor "Mozilla" for product "Thunderbird" and version "24.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 24.1 Search vendor "Mozilla" for product "Thunderbird" and version "24.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 24.1.1 Search vendor "Mozilla" for product "Thunderbird" and version "24.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 24.2 Search vendor "Mozilla" for product "Thunderbird" and version "24.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 24.3 Search vendor "Mozilla" for product "Thunderbird" and version "24.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 24.4 Search vendor "Mozilla" for product "Thunderbird" and version "24.4" | - |
Affected
| ||||||