{"id":"USN-2329-1","summary":"firefox vulnerabilities","details":"Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong,\nJesse Ruderman, JW Wang and David Weir discovered multiple memory safety\nissues in Firefox. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2014-1553,\nCVE-2014-1554, CVE-2014-1562)\n\nAbhishek Arya discovered a use-after-free during DOM interactions with\nSVG. If a user were tricked in to opening a specially crafted page, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1563)\n\nMichal Zalewski discovered that memory is not initialized properly during\nGIF rendering in some circumstances. If a user were tricked in to opening\na specially crafted page, an attacker could potentially exploit this to\nsteal confidential information. (CVE-2014-1564)\n\nHolger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash or steal confidential information. (CVE-2014-1565)\n\nA use-after-free was discovered during text layout in some circumstances.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2014-1567)\n","modified":"2026-02-10T04:40:49Z","published":"2014-09-02T18:48:53Z","related":["UBUNTU-CVE-2014-1553","UBUNTU-CVE-2014-1554","UBUNTU-CVE-2014-1562","UBUNTU-CVE-2014-1563","UBUNTU-CVE-2014-1564","UBUNTU-CVE-2014-1565","UBUNTU-CVE-2014-1567"],"upstream":["CVE-2014-1553","CVE-2014-1554","CVE-2014-1562","CVE-2014-1563","CVE-2014-1564","CVE-2014-1565","CVE-2014-1567","UBUNTU-CVE-2014-1553","UBUNTU-CVE-2014-1554","UBUNTU-CVE-2014-1562","UBUNTU-CVE-2014-1563","UBUNTU-CVE-2014-1564","UBUNTU-CVE-2014-1565","UBUNTU-CVE-2014-1567"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2329-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1553"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1554"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1562"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1563"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1564"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1565"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-1567"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@32.0+build1-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"32.0+build1-0ubuntu0.14.04.1"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2","30.0+build1-0ubuntu0.14.04.3","31.0+build1-0ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"firefox","binary_version":"32.0+build1-0ubuntu0.14.04.1"},{"binary_name":"firefox-dev","binary_version":"32.0+build1-0ubuntu0.14.04.1"},{"binary_name":"firefox-globalmenu","binary_version":"32.0+build1-0ubuntu0.14.04.1"},{"binary_name":"firefox-mozsymbols","binary_version":"32.0+build1-0ubuntu0.14.04.1"},{"binary_name":"firefox-testsuite","binary_version":"32.0+build1-0ubuntu0.14.04.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2014-1553","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-1554","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-1562","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-1563","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-1564","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-1565","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-1567","severity":[{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2329-1.json"}}],"schema_version":"1.7.3"}