usn-2185-1
Vulnerability from osv_ubuntu
Published
2014-04-29 19:40
Modified
2026-04-22 07:36
Summary
firefox vulnerabilities
Details

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1518, CVE-2014-1519)

An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1522)

Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523)

Abhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1524)

Abhishek Arya discovered a use-after-free in the Text Track Manager when processing HTML video. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1525)

Jukka Jylänki discovered an out-of-bounds write in Cairo when working with canvas in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1528)

Mariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. An attacker could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1529)

It was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. An attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530)

A use-after-free was discovered when resizing images in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1531)

Christian Heimes discovered that NSS did not handle IDNA domain prefixes correctly for wildcard certificates. An attacker could potentially exploit this by using a specially crafted certificate to conduct a machine-in-the-middle attack. (CVE-2014-1492)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1532)

Boris Zbarsky discovered that the debugger bypassed XrayWrappers for some objects. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1526)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2014-1492",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1518",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1519",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1522",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1523",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1524",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1525",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1526",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1528",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1529",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1530",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1531",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-1532",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "firefox",
            "binary_version": "29.0+build1-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "firefox-globalmenu",
            "binary_version": "29.0+build1-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "29.0+build1-0ubuntu0.14.04.2"
          },
          {
            "binary_name": "firefox-testsuite",
            "binary_version": "29.0+build1-0ubuntu0.14.04.2"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "firefox",
        "purl": "pkg:deb/ubuntu/firefox@29.0+build1-0ubuntu0.14.04.2?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "29.0+build1-0ubuntu0.14.04.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "24.0+build1-0ubuntu1",
        "25.0+build3-0ubuntu0.13.10.1",
        "28.0~b2+build1-0ubuntu2",
        "28.0+build1-0ubuntu1",
        "28.0+build2-0ubuntu1",
        "28.0+build2-0ubuntu2"
      ]
    }
  ],
  "aliases": [],
  "details": "Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij,\nJesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir\nVukicevic and Christian Holler discovered multiple memory safety issues in\nFirefox. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2014-1518, CVE-2014-1519)\n\nAn out of bounds read was discovered in Web Audio. An attacker could\npotentially exploit this cause a denial of service via application crash\nor execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2014-1522)\n\nAbhishek Arya discovered an out of bounds read when decoding JPG images.\nAn attacker could potentially exploit this to cause a denial of service\nvia application crash. (CVE-2014-1523)\n\nAbhishek Arya discovered a buffer overflow when a script uses a non-XBL\nobject as an XBL object. An attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1524)\n\nAbhishek Arya discovered a use-after-free in the Text Track Manager when\nprocessing HTML video. An attacker could potentially exploit this to cause\na denial of service via application crash or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1525)\n\nJukka Jyl\u00e4nki discovered an out-of-bounds write in Cairo when working\nwith canvas in some circumstances. An attacker could potentially exploit\nthis to cause a denial of service via application crash or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1528)\n\nMariusz Mlynski discovered that sites with notification permissions can\nrun script in a privileged context in some circumstances. An attacker\ncould exploit this to execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1529)\n\nIt was discovered that browser history navigations could be used to load\na site with the addressbar displaying the wrong address. An attacker could\npotentially exploit this to conduct cross-site scripting or phishing\nattacks. (CVE-2014-1530)\n\nA use-after-free was discovered when resizing images in some\ncircumstances. An attacker could potentially exploit this to cause a\ndenial of service via application crash or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2014-1531)\n\nChristian Heimes discovered that NSS did not handle IDNA domain prefixes\ncorrectly for wildcard certificates. An attacker could potentially exploit\nthis by using a specially crafted certificate to conduct a machine-in-the-middle\nattack. (CVE-2014-1492)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free during\nhost resolution in some circumstances. An attacker could potentially\nexploit this to cause a denial of service via application crash or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1532)\n\nBoris Zbarsky discovered that the debugger bypassed XrayWrappers for some\nobjects. If a user were tricked in to opening a specially crafted website\nwhilst using the debugger, an attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1526)\n",
  "id": "USN-2185-1",
  "modified": "2026-04-22T07:36:31Z",
  "published": "2014-04-29T19:40:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-2185-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1492"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1518"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1519"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1522"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1523"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1524"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1525"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1526"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1528"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1529"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1530"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1531"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-1532"
    },
    {
      "type": "REPORT",
      "url": "https://launchpad.net/bugs/1313464"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "firefox vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2014-1492",
    "UBUNTU-CVE-2014-1518",
    "UBUNTU-CVE-2014-1519",
    "UBUNTU-CVE-2014-1522",
    "UBUNTU-CVE-2014-1523",
    "UBUNTU-CVE-2014-1524",
    "UBUNTU-CVE-2014-1525",
    "UBUNTU-CVE-2014-1526",
    "UBUNTU-CVE-2014-1528",
    "UBUNTU-CVE-2014-1529",
    "UBUNTU-CVE-2014-1530",
    "UBUNTU-CVE-2014-1531",
    "UBUNTU-CVE-2014-1532"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…