Think you have a false positive on this rule?

Sid 1-45206

Message

BROWSER-FIREFOX Multiple browser pressure function denial of service attempt

Summary

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.

Impact

CVSS base score 9.3 CVSS impact score 10.0 CVSS exploitability score 8.6 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2014-1512:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2014-1512: Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.

Affected systems

  • mozilla firefox 0.1
  • mozilla firefox 0.2
  • mozilla firefox 0.3
  • mozilla firefox 0.4
  • mozilla firefox 0.5
  • mozilla firefox 0.6
  • mozilla firefox 0.6.1
  • mozilla firefox 0.7
  • mozilla firefox 0.7.1
  • mozilla firefox 0.8
  • mozilla firefox 0.9
  • mozilla firefox 0.9.1
  • mozilla firefox 0.9.2
  • mozilla firefox 0.9.3
  • mozilla firefox 0.10
  • mozilla firefox 0.10.1
  • mozilla firefox 1.0
  • mozilla firefox 1.0.1
  • mozilla firefox 1.0.2
  • mozilla firefox 1.0.3
  • mozilla firefox 1.0.4
  • mozilla firefox 1.0.5
  • mozilla firefox 1.0.6
  • mozilla firefox 1.0.7
  • mozilla firefox 1.0.8
  • mozilla firefox 1.5
  • mozilla firefox 1.5.0.1
  • mozilla firefox 1.5.0.2
  • mozilla firefox 1.5.0.3
  • mozilla firefox 1.5.0.4
  • mozilla firefox 1.5.0.5
  • mozilla firefox 1.5.0.6
  • mozilla firefox 1.5.0.7
  • mozilla firefox 1.5.0.8
  • mozilla firefox 1.5.0.9
  • mozilla firefox 1.5.0.10
  • mozilla firefox 1.5.0.11
  • mozilla firefox 1.5.0.12
  • mozilla firefox 1.5.1
  • mozilla firefox 1.5.2
  • mozilla firefox 1.5.3
  • mozilla firefox 1.5.4
  • mozilla firefox 1.5.5
  • mozilla firefox 1.5.6
  • mozilla firefox 1.5.7
  • mozilla firefox 1.5.8
  • mozilla firefox 2.0
  • mozilla firefox 2.0.0.1
  • mozilla firefox 2.0.0.2
  • mozilla firefox 2.0.0.3
  • mozilla firefox 2.0.0.4
  • mozilla firefox 2.0.0.5
  • mozilla firefox 2.0.0.6
  • mozilla firefox 2.0.0.7
  • mozilla firefox 2.0.0.8
  • mozilla firefox 2.0.0.9
  • mozilla firefox 2.0.0.10
  • mozilla firefox 2.0.0.11
  • mozilla firefox 2.0.0.12
  • mozilla firefox 2.0.0.13
  • mozilla firefox 2.0.0.14
  • mozilla firefox 2.0.0.15
  • mozilla firefox 2.0.0.16
  • mozilla firefox 2.0.0.17
  • mozilla firefox 2.0.0.18
  • mozilla firefox 2.0.0.19
  • mozilla firefox 2.0.0.20
  • mozilla firefox 3.0
  • mozilla firefox 3.0.1
  • mozilla firefox 3.0.2
  • mozilla firefox 3.0.3
  • mozilla firefox 3.0.4
  • mozilla firefox 3.0.5
  • mozilla firefox 3.0.6
  • mozilla firefox 3.0.7
  • mozilla firefox 3.0.8
  • mozilla firefox 3.0.9
  • mozilla firefox 3.0.10
  • mozilla firefox 3.0.11
  • mozilla firefox 3.0.12
  • mozilla firefox 3.0.13
  • mozilla firefox 3.0.14
  • mozilla firefox 3.0.15
  • mozilla firefox 3.0.16
  • mozilla firefox 3.0.17
  • mozilla firefox 3.0.18
  • mozilla firefox 3.0.19
  • mozilla firefox 3.5
  • mozilla firefox 3.5.1
  • mozilla firefox 3.5.2
  • mozilla firefox 3.5.3
  • mozilla firefox 3.5.4
  • mozilla firefox 3.5.5
  • mozilla firefox 3.5.6
  • mozilla firefox 3.5.7
  • mozilla firefox 3.5.8
  • mozilla firefox 3.5.9
  • mozilla firefox 3.5.10
  • mozilla firefox 3.5.11
  • mozilla firefox 3.5.12
  • mozilla firefox 3.5.13
  • mozilla firefox 3.5.14
  • mozilla firefox 3.5.15
  • mozilla firefox 3.5.16
  • mozilla firefox 3.5.17
  • mozilla firefox 3.5.18
  • mozilla firefox 3.5.19
  • mozilla firefox 3.6
  • mozilla firefox 3.6.2
  • mozilla firefox 3.6.3
  • mozilla firefox 3.6.4
  • mozilla firefox 3.6.6
  • mozilla firefox 3.6.7
  • mozilla firefox 3.6.8
  • mozilla firefox 3.6.9
  • mozilla firefox 3.6.10
  • mozilla firefox 3.6.11
  • mozilla firefox 3.6.12
  • mozilla firefox 3.6.13
  • mozilla firefox 3.6.14
  • mozilla firefox 3.6.15
  • mozilla firefox 3.6.16
  • mozilla firefox 3.6.17
  • mozilla firefox 3.6.18
  • mozilla firefox 3.6.19
  • mozilla firefox 3.6.20
  • mozilla firefox 3.6.21
  • mozilla firefox 3.6.22
  • mozilla firefox 3.6.23
  • mozilla firefox 3.6.24
  • mozilla firefox 3.6.25
  • mozilla firefox 3.6.26
  • mozilla firefox 3.6.27
  • mozilla firefox 3.6.28
  • mozilla firefox 4.0
  • mozilla firefox 4.0.1
  • mozilla firefox 5.0
  • mozilla firefox 5.0.1
  • mozilla firefox 6.0
  • mozilla firefox 6.0.1
  • mozilla firefox 6.0.2
  • mozilla firefox 7.0
  • mozilla firefox 7.0.1
  • mozilla firefox 8.0
  • mozilla firefox 8.0.1
  • mozilla firefox 9.0
  • mozilla firefox 9.0.1
  • mozilla firefox 10.0
  • mozilla firefox 10.0.1
  • mozilla firefox 10.0.2
  • mozilla firefox 10.0.3
  • mozilla firefox 10.0.4
  • mozilla firefox 10.0.5
  • mozilla firefox 10.0.6
  • mozilla firefox 10.0.7
  • mozilla firefox 10.0.8
  • mozilla firefox 10.0.9
  • mozilla firefox 10.0.10
  • mozilla firefox 10.0.11
  • mozilla firefox 10.0.12
  • mozilla firefox 11.0
  • mozilla firefox 12.0
  • mozilla firefox 13.0
  • mozilla firefox 13.0.1
  • mozilla firefox 14.0
  • mozilla firefox 14.0.1
  • mozilla firefox 15.0
  • mozilla firefox 15.0.1
  • mozilla firefox 16.0
  • mozilla firefox 16.0.1
  • mozilla firefox 16.0.2
  • mozilla firefox 17.0.2
  • mozilla firefox 17.0.3
  • mozilla firefox 17.0.4
  • mozilla firefox 17.0.5
  • mozilla firefox 17.0.6
  • mozilla firefox 17.0.7
  • mozilla firefox 17.0.8
  • mozilla firefox 17.0.9
  • mozilla firefox 17.0.10
  • mozilla firefox 17.0.11
  • mozilla firefox 18.0
  • mozilla firefox 18.0.1
  • mozilla firefox 18.0.2
  • mozilla firefox 19.0
  • mozilla firefox 19.0.1
  • mozilla firefox 19.0.2
  • mozilla firefox 20.0
  • mozilla firefox 20.0.1
  • mozilla firefox 21.0
  • mozilla firefox 23.0
  • mozilla firefox 23.0.1
  • mozilla firefox 24.0
  • mozilla firefox 24.1
  • mozilla firefox 24.1.1
  • mozilla firefox 25.0
  • mozilla firefox 25.0.1
  • mozilla firefox 26.0
  • mozilla firefox 27.0
  • mozilla firefox 27.0.1
  • mozilla firefox_esr 24.0
  • mozilla firefox_esr 24.0.1
  • mozilla firefox_esr 24.0.2
  • mozilla firefox_esr 24.1.0
  • mozilla firefox_esr 24.1.1
  • mozilla firefox_esr 24.2
  • mozilla firefox_esr 24.3
  • mozilla seamonkey 2.0
  • mozilla seamonkey 2.0.1
  • mozilla seamonkey 2.0.2
  • mozilla seamonkey 2.0.3
  • mozilla seamonkey 2.0.4
  • mozilla seamonkey 2.0.5
  • mozilla seamonkey 2.0.6
  • mozilla seamonkey 2.0.7
  • mozilla seamonkey 2.0.8
  • mozilla seamonkey 2.0.9
  • mozilla seamonkey 2.0.10
  • mozilla seamonkey 2.0.11
  • mozilla seamonkey 2.0.12
  • mozilla seamonkey 2.0.13
  • mozilla seamonkey 2.0.14
  • mozilla seamonkey 2.1
  • mozilla seamonkey 2.2
  • mozilla seamonkey 2.3
  • mozilla seamonkey 2.3.1
  • mozilla seamonkey 2.3.2
  • mozilla seamonkey 2.3.3
  • mozilla seamonkey 2.4
  • mozilla seamonkey 2.4.1
  • mozilla seamonkey 2.5
  • mozilla seamonkey 2.6
  • mozilla seamonkey 2.6.1
  • mozilla seamonkey 2.7
  • mozilla seamonkey 2.7.1
  • mozilla seamonkey 2.7.2
  • mozilla seamonkey 2.8
  • mozilla seamonkey 2.9
  • mozilla seamonkey 2.9.1
  • mozilla seamonkey 2.10
  • mozilla seamonkey 2.10.1
  • mozilla seamonkey 2.11
  • mozilla seamonkey 2.12
  • mozilla seamonkey 2.12.1
  • mozilla seamonkey 2.13
  • mozilla seamonkey 2.13.1
  • mozilla seamonkey 2.13.2
  • mozilla seamonkey 2.14
  • mozilla seamonkey 2.15
  • mozilla seamonkey 2.15.1
  • mozilla seamonkey 2.15.2
  • mozilla seamonkey 2.16
  • mozilla seamonkey 2.16.1
  • mozilla seamonkey 2.16.2
  • mozilla seamonkey 2.17
  • mozilla seamonkey 2.17.1
  • mozilla seamonkey 2.18
  • mozilla seamonkey 2.19
  • mozilla seamonkey 2.20
  • mozilla seamonkey 2.21
  • mozilla seamonkey 2.22
  • mozilla seamonkey 2.22.1
  • mozilla seamonkey 2.23
  • mozilla seamonkey 2.24
  • mozilla seamonkey 2.25
  • mozilla thunderbird 0.1
  • mozilla thunderbird 0.2
  • mozilla thunderbird 0.3
  • mozilla thunderbird 0.4
  • mozilla thunderbird 0.5
  • mozilla thunderbird 0.6
  • mozilla thunderbird 0.7
  • mozilla thunderbird 0.7.1
  • mozilla thunderbird 0.7.2
  • mozilla thunderbird 0.7.3
  • mozilla thunderbird 0.8
  • mozilla thunderbird 0.9
  • mozilla thunderbird 1.0
  • mozilla thunderbird 1.0.1
  • mozilla thunderbird 1.0.2
  • mozilla thunderbird 1.0.3
  • mozilla thunderbird 1.0.4
  • mozilla thunderbird 1.0.5
  • mozilla thunderbird 1.0.6
  • mozilla thunderbird 1.0.7
  • mozilla thunderbird 1.0.8
  • mozilla thunderbird 1.5
  • mozilla thunderbird 1.5.0.1
  • mozilla thunderbird 1.5.0.2
  • mozilla thunderbird 1.5.0.3
  • mozilla thunderbird 1.5.0.4
  • mozilla thunderbird 1.5.0.5
  • mozilla thunderbird 1.5.0.6
  • mozilla thunderbird 1.5.0.7
  • mozilla thunderbird 1.5.0.8
  • mozilla thunderbird 1.5.0.9
  • mozilla thunderbird 1.5.0.10
  • mozilla thunderbird 1.5.0.11
  • mozilla thunderbird 1.5.0.12
  • mozilla thunderbird 1.5.0.13
  • mozilla thunderbird 1.5.0.14
  • mozilla thunderbird 1.5.1
  • mozilla thunderbird 1.5.2
  • mozilla thunderbird 1.7.1
  • mozilla thunderbird 1.7.3
  • mozilla thunderbird 2.0
  • mozilla thunderbird 2.0.0.0
  • mozilla thunderbird 2.0.0.1
  • mozilla thunderbird 2.0.0.2
  • mozilla thunderbird 2.0.0.3
  • mozilla thunderbird 2.0.0.4
  • mozilla thunderbird 2.0.0.5
  • mozilla thunderbird 2.0.0.6
  • mozilla thunderbird 2.0.0.7
  • mozilla thunderbird 2.0.0.8
  • mozilla thunderbird 2.0.0.9
  • mozilla thunderbird 2.0.0.11
  • mozilla thunderbird 2.0.0.12
  • mozilla thunderbird 2.0.0.13
  • mozilla thunderbird 2.0.0.14
  • mozilla thunderbird 2.0.0.15
  • mozilla thunderbird 2.0.0.16
  • mozilla thunderbird 2.0.0.17
  • mozilla thunderbird 2.0.0.18
  • mozilla thunderbird 2.0.0.19
  • mozilla thunderbird 2.0.0.20
  • mozilla thunderbird 2.0.0.21
  • mozilla thunderbird 2.0.0.22
  • mozilla thunderbird 2.0.0.23
  • mozilla thunderbird 3.0
  • mozilla thunderbird 3.0.1
  • mozilla thunderbird 3.0.2
  • mozilla thunderbird 3.0.3
  • mozilla thunderbird 3.0.4
  • mozilla thunderbird 3.0.5
  • mozilla thunderbird 3.0.6
  • mozilla thunderbird 3.0.7
  • mozilla thunderbird 3.0.8
  • mozilla thunderbird 3.0.9
  • mozilla thunderbird 3.0.10
  • mozilla thunderbird 3.0.11
  • mozilla thunderbird 3.1
  • mozilla thunderbird 3.1.1
  • mozilla thunderbird 3.1.2
  • mozilla thunderbird 3.1.3
  • mozilla thunderbird 3.1.4
  • mozilla thunderbird 3.1.5
  • mozilla thunderbird 3.1.6
  • mozilla thunderbird 3.1.7
  • mozilla thunderbird 3.1.8
  • mozilla thunderbird 3.1.9
  • mozilla thunderbird 3.1.10
  • mozilla thunderbird 3.1.11
  • mozilla thunderbird 3.1.12
  • mozilla thunderbird 3.1.13
  • mozilla thunderbird 3.1.14
  • mozilla thunderbird 3.1.15
  • mozilla thunderbird 3.1.16
  • mozilla thunderbird 3.1.17
  • mozilla thunderbird 5.0
  • mozilla thunderbird 6.0
  • mozilla thunderbird 6.0.1
  • mozilla thunderbird 6.0.2
  • mozilla thunderbird 7.0
  • mozilla thunderbird 7.0.1
  • mozilla thunderbird 8.0
  • mozilla thunderbird 9.0
  • mozilla thunderbird 9.0.1
  • mozilla thunderbird 10.0
  • mozilla thunderbird 10.0.1
  • mozilla thunderbird 10.0.2
  • mozilla thunderbird 10.0.3
  • mozilla thunderbird 10.0.4
  • mozilla thunderbird 11.0
  • mozilla thunderbird 11.0.1
  • mozilla thunderbird 12.0
  • mozilla thunderbird 12.0.1
  • mozilla thunderbird 13.0
  • mozilla thunderbird 13.0.1
  • mozilla thunderbird 14.0
  • mozilla thunderbird 15.0
  • mozilla thunderbird 15.0.1
  • mozilla thunderbird 16.0
  • mozilla thunderbird 16.0.1
  • mozilla thunderbird 16.0.2
  • mozilla thunderbird 17.0
  • mozilla thunderbird 17.0.1
  • mozilla thunderbird 17.0.2
  • mozilla thunderbird 17.0.3
  • mozilla thunderbird 17.0.4
  • mozilla thunderbird 17.0.5
  • mozilla thunderbird 17.0.6
  • mozilla thunderbird 17.0.7
  • mozilla thunderbird 17.0.8
  • mozilla thunderbird 24.0
  • mozilla thunderbird 24.0.1
  • mozilla thunderbird 24.1
  • mozilla thunderbird 24.1.1
  • mozilla thunderbird 24.2
  • mozilla thunderbird 24.3

Ease of attack

CVE-2014-1512:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References