KLA10119
Multiple vulnerabilities in Mozilla
Updated: 11/15/2018
CVSS
?
10.0
Detect date
?
07/22/2014
Severity
?
Critical
Description

An unspecified vulnerability was found in Clam Anti-virus. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited locally at a point related to the OLE2 parser via a specially designed file. Below is a complete list of vulnerabilities

  1. Improper handling of discarded data can be exploited remotely via specially designed image scaling;
  2. A use-after-free vulnerability can be exploited remotely at vectors related to libnss3.so, nsDocLoader and FontTableRec;
  3. An unknown vulnerability can be exploited remotely via specially designed WebGl content;
  4. Multiple unknown vulnerabilities can be exploited by unknown vectors.
Affected products

Mozilla Firefox ESR 24.6.0 and earlier
Mozilla Firefox 30.0 and earlier
Waterfox Firefox 30.0 and earlier
Mozilla Thunderbird 30.0 and earlier
CometBird all versions  

Solution

Update to latest version
Thunderbird
Firefox

Original advisories

MFSA

Impacts
?
ACE 
[?]

DoS 
[?]
Related products
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
CVE-IDS
?

CVE-2014-1547
CVE-2014-1548
CVE-2014-1555
CVE-2014-1551
CVE-2014-1544
CVE-2014-1556
CVE-2014-1557