{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-02T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "openSUSE-SU-2015:0138", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"name": "GLSA-201504-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201504-01"}, {"name": "71396", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71396"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3090", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3090"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "DSA-3092", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3092"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2014-1594", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2015:0138", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"name": "GLSA-201504-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-01"}, {"name": "71396", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71396"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3090", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3090"}, {"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"name": "openSUSE-SU-2015:1266", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "DSA-3092", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3092"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:50:09.592Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2015:0138", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"name": "GLSA-201504-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201504-01"}, {"name": "71396", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71396"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3090", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3090"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"name": "openSUSE-SU-2015:1266", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"name": "DSA-3092", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3092"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2014-1594", "datePublished": "2014-12-11T11:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:50:09.592Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A24FFC6-737A-4EA6-88EB-5A80DC2DC8D6", "versionEndIncluding": "33.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "89291AB2-7450-4679-BD46-DC6D6D9D0F46", "versionEndIncluding": "31.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCC88E6A-FFED-4C78-8FC4-7914235282BC", "versionEndIncluding": "2.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "9806D62C-E276-47AB-8675-8A3952D14B21", "versionEndIncluding": "31.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."}, {"lang": "es", "value": "Mozilla Firefox anterior a 34.0, Firefox ESR31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el aprovechamiento de una conversi\u00f3n de datos incorrecta del tipo BasicThebesLayer al tipo BasicContainerLayer."}], "id": "CVE-2014-1594", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-12-11T11:59:08.150", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2014/dsa-3090"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2014/dsa-3092"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/71396"}, {"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201504-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3092"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-89.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1074280"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201504-01"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.", "affected_release": [{"advisory": "RHSA-2014:1919", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:31.3.0-4.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-12-02T00:00:00Z"}, {"advisory": "RHSA-2014:1924", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:31.3.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-12-02T00:00:00Z"}, {"advisory": "RHSA-2014:1919", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:31.3.0-3.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-12-02T00:00:00Z"}, {"advisory": "RHSA-2014:1924", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:31.3.0-1.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-12-02T00:00:00Z"}, {"advisory": "RHSA-2014:1919", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:31.3.0-3.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-12-02T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)", "id": "1169210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169210"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-749", "details": ["Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."], "name": "CVE-2014-1594", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-12-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-1594\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1594\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-89.html"], "threat_severity": "Moderate"}

{}