6.8
CVE-2014-1587
- EPSS 3.55%
- Veröffentlicht 11.12.2014 11:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.55% | 0.878 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://security.gentoo.org/glsa/201504-01
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
http://www.debian.org/security/2014/dsa-3090
http://www.debian.org/security/2014/dsa-3092
http://www.mozilla.org/security/announce/2014/mfsa2014-83.html
http://www.securityfocus.com/bid/71391
https://bugzilla.mozilla.org/show_bug.cgi?id=1042567
https://bugzilla.mozilla.org/show_bug.cgi?id=1072847
https://bugzilla.mozilla.org/show_bug.cgi?id=1079729
https://bugzilla.mozilla.org/show_bug.cgi?id=1080312
https://bugzilla.mozilla.org/show_bug.cgi?id=1089207