The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Firefox, Thunderbird and SeaMonkey.
Vulnerable systems: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this threat: 4/4.
Consequences of an attack: user access/rights, denial of service on client.
Attacker's origin: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 10/06/2014.
References of this weakness: CERTFR-2014-AVI-270, CVE-2014-1533, CVE-2014-1534, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2014-1539, CVE-2014-1540, CVE-2014-1541, CVE-2014-1542, CVE-2014-1543, DSA-2955-1, DSA-2960-1, FEDORA-2014-7279, FEDORA-2014-7310, FEDORA-2014-7325, FEDORA-2014-7682, FEDORA-2014-7690, MFSA 2014-48, MFSA 2014-49, MFSA 2014-50, MFSA 2014-51, MFSA 2014-52, MFSA 2014-53, MFSA 2014-54, openSUSE-SU-2014:0797-1, openSUSE-SU-2014:0819-1, openSUSE-SU-2014:0855-1, openSUSE-SU-2014:0858-1, openSUSE-SU-2014:1100-1, RHSA-2014:0741-01, RHSA-2014:0742-01, SSA:2014-163-01, SSA:2014-175-05, SUSE-SU-2014:0824-1, SUSE-SU-2014:0824-2, SUSE-SU-2014:0824-3, SUSE-SU-2014:0905-1, USN-2243-1, USN-2250-1, VIGILANCE-VUL-14870.

Description of the vulnerability

Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1533, CVE-2014-1534, MFSA 2014-48]

An attacker can use a freed memory area in Address Sanitizer, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, MFSA 2014-49]

An attacker can trigger clickjacking on OS X, in order to deceive the victim. [severity:2/4; CVE-2014-1539, MFSA 2014-50]

An attacker can use a freed memory area in Event Listener Manager, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1540, MFSA 2014-51]

An attacker can use a freed memory area in SMIL Animation Controller, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1541, MFSA 2014-52]

An attacker can generate a buffer overflow in Web Audio Speex Resampler, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1542, MFSA 2014-53]

An attacker can generate a buffer overflow in Gamepad API, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-1543, MFSA 2014-54]

An attacker can therefore invite the victim to visit a malicious site in order, for example, to execute code on the victim's computer.