CVE-2014-1577
Last modified
CVE-2014-1577 is a vulnerability of currently unknown severity. The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.. EPSS estimates a 2.84% chance of exploitation in the next 30 days.
Description
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 31.0 |
| Mozilla | Firefox | 31.1.0 |
| Mozilla | Thunderbird | 31.0 |
| Mozilla | Thunderbird | 31.1.0 |
| Mozilla | Firefox | <= 32.0 |
| Mozilla | Firefox | 30.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-1577?
How severe is CVE-2014-1577?
How do I fix CVE-2014-1577?
Are you affected by CVE-2014-1577?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST