CVE-2014-1564

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html Third Party Advisory
http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html
http://seclists.org/fulldisclosure/2014/Sep/18
http://secunia.com/advisories/60148
http://secunia.com/advisories/61114
http://www.mozilla.org/security/announce/2014/mfsa2014-69.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/archive/1/533357/100/0/threaded
http://www.securityfocus.com/bid/69525
http://www.securitytracker.com/id/1030793
http://www.securitytracker.com/id/1030794
https://bugzilla.mozilla.org/show_bug.cgi?id=1045977 Issue Tracking
https://security.gentoo.org/glsa/201504-01
Configurations

Configuration 1

OR cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html - () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html -
References () http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html - Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html - Third Party Advisory
References () http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html - () http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html -
References () http://seclists.org/fulldisclosure/2014/Sep/18 - () http://seclists.org/fulldisclosure/2014/Sep/18 -
References () http://secunia.com/advisories/60148 - () http://secunia.com/advisories/60148 -
References () http://secunia.com/advisories/61114 - () http://secunia.com/advisories/61114 -
References () http://www.mozilla.org/security/announce/2014/mfsa2014-69.html - Vendor Advisory () http://www.mozilla.org/security/announce/2014/mfsa2014-69.html - Vendor Advisory
References () http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - () http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html -
References () http://www.securityfocus.com/archive/1/533357/100/0/threaded - () http://www.securityfocus.com/archive/1/533357/100/0/threaded -
References () http://www.securityfocus.com/bid/69525 - () http://www.securityfocus.com/bid/69525 -
References () http://www.securitytracker.com/id/1030793 - () http://www.securitytracker.com/id/1030793 -
References () http://www.securitytracker.com/id/1030794 - () http://www.securitytracker.com/id/1030794 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1045977 - Issue Tracking () https://bugzilla.mozilla.org/show_bug.cgi?id=1045977 - Issue Tracking
References () https://security.gentoo.org/glsa/201504-01 - () https://security.gentoo.org/glsa/201504-01 -

21 Oct 2024, 13:55

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*

Information

Published : 2014-09-03 10:55

Updated : 2024-11-21 02:04


NVD link : CVE-2014-1564

Mitre link : CVE-2014-1564

CVE.ORG link : CVE-2014-1564



Products Affected

mozilla

  • firefox
  • thunderbird

opensuse

  • opensuse
  • evergreen
CWE
CWE-824

Access of Uninitialized Pointer