PT-2014-1288 · Mozilla+5 · Thunderbird+8

Published

2014-04-29

·

Updated

2024-12-12

·

CVE-2014-1518

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 29.0 Mozilla Firefox ESR versions prior to 24.5 Thunderbird versions prior to 24.5 SeaMonkey versions prior to 2.26
Description The issue is related to a vulnerability in the WebGLContext::ValidateTextImageSize function, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service by manipulating input data. The vulnerability can lead to memory corruption and application crash.
Recommendations For Mozilla Firefox versions prior to 29.0, update to version 29.0 or later. For Mozilla Firefox ESR versions prior to 24.5, update to version 24.5 or later. For Thunderbird versions prior to 24.5, update to version 24.5 or later. For SeaMonkey versions prior to 2.26, update to version 2.26 or later. As a temporary workaround, consider disabling the WebGLContext::ValidateTextImageSize function until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2014-1620
ALT-PU-2014-1621
ALT-PU-2014-1678
BDU:2015-00061
BDU:2015-00062
BDU:2015-00063
BDU:2015-00064
CESA-2014_0448
CESA-2014_0449
CVE-2014-1518
DSA-2918-1
DSA-2924-1
MGASA-2014-0201
MGASA-2014-0259
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2014:0448
RHSA-2014:0449
RHSA-2014_0448
RHSA-2014_0449
SUSE-SU-2014_0638-1
SUSE-SU-2014_0638-2
USN-2185-1
USN-2189-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Seamonkey
Suse
Thunderbird
Ubuntu