Rapid7 Vulnerability & Exploit Database

USN-2372-1: Firefox vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-2372-1: Firefox vulnerabilities

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

10/14/2014

Created

07/25/2018

Added

10/16/2014

Modified

07/09/2020

Description

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

Solution(s)

ubuntu-upgrade-firefox

References

https://attackerkb.com/topics/cve-2014-1574
70424
70425
70426
70427
70428
70430
70431
70432
70434
70436
70439
70440
CVE - 2014-1574
CVE - 2014-1575
CVE - 2014-1576
CVE - 2014-1577
CVE - 2014-1578
CVE - 2014-1580
CVE - 2014-1581
CVE - 2014-1582
CVE - 2014-1583
CVE - 2014-1584
CVE - 2014-1585
CVE - 2014-1586
DSA-3050
DSA-3061
RHSA-2014:1635
RHSA-2014:1647
USN-2372-1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;