Home

CVE-2014-1522

Description

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.

Risk Information

Base Score
9.6
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.762

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 28.0Windows
Multiple Vulnerabilities are affected in Mozilla Firefox 28.0Windows
Multiple Vulnerabilities are affected in SeaMonkey 2.26Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 28.99Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 28.99Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (129.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (129.0.1)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (129.0.2)Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 28.0Mac
Multiple Vulnerabilities are affected in SeaMonkey For Mac 2.25-beta3Mac
Mozilla Open Source web browser (USN-2185-1) firefox_43.0+build1-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2185-1) firefox_43.0+build1-0ubuntu0.14.04.1_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343016Mozilla Firefox (x64) (132.0.2)
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-341197SeaMonkey (2.53.19)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611088SeaMonkey For Mac (2.53.21)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234