{"id":"USN-2243-1","summary":"firefox vulnerabilities","details":"Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de\nMooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor\nWagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety\nissues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1533,\nCVE-2014-1534)\n\nAbhishek Arya discovered multiple use-after-free and out-of-bounds read\nissues in Firefox. An attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code with\nthe priviliges of the user invoking Firefox. (CVE-2014-1536,\nCVE-2014-1537, CVE-2014-1538)\n\nTyson Smith and Jesse Schwartzentruber discovered a use-after-free in the\nevent listener manager. An attacker could potentially exploit this to\ncause a denial of service via application crash or execute arbitrary code\nwith the priviliges of the user invoking Firefox. (CVE-2014-1540)\n\nA use-after-free was discovered in the SMIL animation controller. An\nattacker could potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the priviliges of the\nuser invoking Firefox. (CVE-2014-1541)\n\nHolger Fuhrmannek discovered a buffer overflow in Web Audio. An attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the priviliges of the\nuser invoking Firefox. (CVE-2014-1542)\n","modified":"2026-04-22T08:53:13.854645Z","published":"2014-06-11T12:25:51Z","related":["UBUNTU-CVE-2014-1533","UBUNTU-CVE-2014-1534","UBUNTU-CVE-2014-1536","UBUNTU-CVE-2014-1537","UBUNTU-CVE-2014-1538","UBUNTU-CVE-2014-1540","UBUNTU-CVE-2014-1541","UBUNTU-CVE-2014-1542"],"upstream":["CVE-2014-1533","CVE-2014-1534","CVE-2014-1536","CVE-2014-1537","CVE-2014-1538","CVE-2014-1540","CVE-2014-1541","CVE-2014-1542","UBUNTU-CVE-2014-1533","UBUNTU-CVE-2014-1534","UBUNTU-CVE-2014-1536","UBUNTU-CVE-2014-1537","UBUNTU-CVE-2014-1538","UBUNTU-CVE-2014-1540","UBUNTU-CVE-2014-1541","UBUNTU-CVE-2014-1542"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2243-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1533"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1534"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1536"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1537"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1538"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1540"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1541"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1542"},{"type":"REPORT","url":"https://launchpad.net/bugs/1326690"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@30.0+build1-0ubuntu0.14.04.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"30.0+build1-0ubuntu0.14.04.3"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"firefox","binary_version":"30.0+build1-0ubuntu0.14.04.3"},{"binary_name":"firefox-globalmenu","binary_version":"30.0+build1-0ubuntu0.14.04.3"},{"binary_name":"firefox-mozsymbols","binary_version":"30.0+build1-0ubuntu0.14.04.3"},{"binary_name":"firefox-testsuite","binary_version":"30.0+build1-0ubuntu0.14.04.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2243-1.json","cves_map":{"cves":[{"id":"CVE-2014-1533","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-1534","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-1536","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-1537","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-1538","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-1540","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-1541","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-1542","severity":[{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}