CVE-2014-1541

Published: Jun 11, 2014Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

Affected (18)

Products: Mozilla: Thunderbird, Firefox, Firefox Esr

3 products

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Mozilla Thunderbird	Up to 24.5
Mozilla Thunderbird	Version 24.0.1
Mozilla Thunderbird	Version 24.0
Mozilla Thunderbird	Version 24.1.1
Mozilla Thunderbird	Version 24.1
Mozilla Thunderbird	Version 24.2
Mozilla Thunderbird	Version 24.3
Mozilla Thunderbird	Version 24.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 29.0.1

Configuration C

9 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 24.0.1
Mozilla Firefox	Version 24.0.2
Mozilla Firefox	Version 24.0
Mozilla Firefox	Version 24.1.0
Mozilla Firefox	Version 24.1.1
Mozilla Firefox Esr	Version 24.2
Mozilla Firefox Esr	Version 24.3
Mozilla Firefox Esr	Version 24.4
Mozilla Firefox Esr	Version 24.5

References (72)

http://linux.oracle.com/errata/ELSA-2014-0741.html

Source: security@mozilla.org

http://linux.oracle.com/errata/ELSA-2014-0742.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2014-0741.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2014-0742.html

Source: security@mozilla.org

http://secunia.com/advisories/58984

Source: security@mozilla.org

http://secunia.com/advisories/59052

Source: security@mozilla.org

http://secunia.com/advisories/59149

Source: security@mozilla.org

http://secunia.com/advisories/59150

Source: security@mozilla.org

http://secunia.com/advisories/59165

Source: security@mozilla.org

http://secunia.com/advisories/59169

Source: security@mozilla.org

http://secunia.com/advisories/59170

Source: security@mozilla.org

http://secunia.com/advisories/59171

Source: security@mozilla.org

http://secunia.com/advisories/59229

Source: security@mozilla.org

http://secunia.com/advisories/59275

Source: security@mozilla.org

http://secunia.com/advisories/59328

Source: security@mozilla.org

http://secunia.com/advisories/59377

Source: security@mozilla.org

http://secunia.com/advisories/59387

Source: security@mozilla.org

http://secunia.com/advisories/59425

Source: security@mozilla.org

http://secunia.com/advisories/59486

Source: security@mozilla.org

http://secunia.com/advisories/59866

Source: security@mozilla.org

http://www.debian.org/security/2014/dsa-2955

Source: security@mozilla.org

http://www.debian.org/security/2014/dsa-2960

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2014/mfsa2014-52.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

http://www.securityfocus.com/bid/67979

Source: security@mozilla.org

http://www.securitytracker.com/id/1030386

Source: security@mozilla.org

http://www.securitytracker.com/id/1030388

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2243-1

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2250-1

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1000185

Source: security@mozilla.org

https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

http://linux.oracle.com/errata/ELSA-2014-0741.html