{"id":"USN-2185-1","summary":"firefox vulnerabilities","details":"Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij,\nJesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir\nVukicevic and Christian Holler discovered multiple memory safety issues in\nFirefox. If a user were tricked into opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2014-1518, CVE-2014-1519)\n\nAn out of bounds read was discovered in Web Audio. An attacker could\npotentially exploit this to cause a denial of service via application crash\nor execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2014-1522)\n\nAbhishek Arya discovered an out of bounds read when decoding JPG images.\nAn attacker could potentially exploit this to cause a denial of service\nvia application crash. (CVE-2014-1523)\n\nAbhishek Arya discovered a buffer overflow when a script uses a non-XBL\nobject as an XBL object. An attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1524)\n\nAbhishek Arya discovered a use-after-free in the Text Track Manager when\nprocessing HTML video. An attacker could potentially exploit this to cause\na denial of service via application crash or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1525)\n\nJukka Jylänki discovered an out-of-bounds write in Cairo when working\nwith canvas in some circumstances. An attacker could potentially exploit\nthis to cause a denial of service via application crash or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1528)\n\nMariusz Mlynski discovered that sites with notification permissions can\nrun script in a privileged context in some circumstances. 
An attacker\ncould exploit this to execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1529)\n\nIt was discovered that browser history navigations could be used to load\na site with the addressbar displaying the wrong address. An attacker could\npotentially exploit this to conduct cross-site scripting or phishing\nattacks. (CVE-2014-1530)\n\nA use-after-free was discovered when resizing images in some\ncircumstances. An attacker could potentially exploit this to cause a\ndenial of service via application crash or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2014-1531)\n\nChristian Heimes discovered that NSS did not handle IDNA domain prefixes\ncorrectly for wildcard certificates. An attacker could potentially exploit\nthis by using a specially crafted certificate to conduct a machine-in-the-middle\nattack. (CVE-2014-1492)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free during\nhost resolution in some circumstances. An attacker could potentially\nexploit this to cause a denial of service via application crash or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1532)\n\nBoris Zbarsky discovered that the debugger bypassed XrayWrappers for some\nobjects. 
If a user were tricked into opening a specially crafted website\nwhilst using the debugger, an attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2014-1526)\n","modified":"2026-02-10T04:40:48Z","published":"2014-04-29T19:40:21Z","related":["UBUNTU-CVE-2014-1492","UBUNTU-CVE-2014-1518","UBUNTU-CVE-2014-1519","UBUNTU-CVE-2014-1522","UBUNTU-CVE-2014-1523","UBUNTU-CVE-2014-1524","UBUNTU-CVE-2014-1525","UBUNTU-CVE-2014-1526","UBUNTU-CVE-2014-1528","UBUNTU-CVE-2014-1529","UBUNTU-CVE-2014-1530","UBUNTU-CVE-2014-1531","UBUNTU-CVE-2014-1532"],"upstream":["CVE-2014-1492","CVE-2014-1518","CVE-2014-1519","CVE-2014-1522","CVE-2014-1523","CVE-2014-1524","CVE-2014-1525","CVE-2014-1526","CVE-2014-1528","CVE-2014-1529","CVE-2014-1530","CVE-2014-1531","CVE-2014-1532","UBUNTU-CVE-2014-1492","UBUNTU-CVE-2014-1518","UBUNTU-CVE-2014-1519","UBUNTU-CVE-2014-1522","UBUNTU-CVE-2014-1523","UBUNTU-CVE-2014-1524","UBUNTU-CVE-2014-1525","UBUNTU-CVE-2014-1526","UBUNTU-CVE-2014-1528","UBUNTU-CVE-2014-1529","UBUNTU-CVE-2014-1530","UBUNTU-CVE-2014-1531","UBUNTU-CVE-2014-1532"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2185-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1492"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1518"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1519"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1522"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1523"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1524"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1525"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1526"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1528"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1529"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1530"},{"type":"REPORT","url":"https:
//ubuntu.com/security/CVE-2014-1531"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1532"},{"type":"REPORT","url":"https://launchpad.net/bugs/1313464"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@29.0+build1-0ubuntu0.14.04.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"29.0+build1-0ubuntu0.14.04.2"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"29.0+build1-0ubuntu0.14.04.2","binary_name":"firefox"},{"binary_version":"29.0+build1-0ubuntu0.14.04.2","binary_name":"firefox-dev"},{"binary_version":"29.0+build1-0ubuntu0.14.04.2","binary_name":"firefox-globalmenu"},{"binary_version":"29.0+build1-0ubuntu0.14.04.2","binary_name":"firefox-mozsymbols"},{"binary_version":"29.0+build1-0ubuntu0.14.04.2","binary_name":"firefox-testsuite"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1492"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1518"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1519"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1522"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1523"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1524"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1525"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1526"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-20
14-1528"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1529"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1530"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1531"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-1532"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2185-1.json"}}],"schema_version":"1.7.3"}