ByteOS Network

NVD Vulnerability Details :

CVE-2014-1577

Deferred

Source-security@mozilla.org

Published At-15 Oct, 2014 | 10:55

Updated At-12 Apr, 2025 | 10:46

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P

Type: Primary

Version: 2.0

Base score: 6.4

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html	security@mozilla.org	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html	security@mozilla.org	N/A
http://rhn.redhat.com/errata/RHSA-2014-1635.html	security@mozilla.org	N/A
http://rhn.redhat.com/errata/RHSA-2014-1647.html	security@mozilla.org	N/A
http://secunia.com/advisories/61387	security@mozilla.org	N/A
http://secunia.com/advisories/61854	security@mozilla.org	N/A
http://secunia.com/advisories/62021	security@mozilla.org	N/A
http://secunia.com/advisories/62022	security@mozilla.org	N/A
http://secunia.com/advisories/62023	security@mozilla.org	N/A
http://www.debian.org/security/2014/dsa-3050	security@mozilla.org	N/A
http://www.debian.org/security/2014/dsa-3061	security@mozilla.org	N/A
http://www.mozilla.org/security/announce/2014/mfsa2014-76.html	security@mozilla.org	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	security@mozilla.org	N/A
http://www.securityfocus.com/bid/70440	security@mozilla.org	N/A
http://www.securitytracker.com/id/1031028	security@mozilla.org	N/A
http://www.securitytracker.com/id/1031030	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2372-1	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2373-1	security@mozilla.org	N/A
https://advisories.mageia.org/MGASA-2014-0421.html	security@mozilla.org	N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1012609	security@mozilla.org	N/A
https://security.gentoo.org/glsa/201504-01	security@mozilla.org	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://rhn.redhat.com/errata/RHSA-2014-1635.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://rhn.redhat.com/errata/RHSA-2014-1647.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/61387	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/61854	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/62021	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/62022	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/62023	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2014/dsa-3050	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2014/dsa-3061	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mozilla.org/security/announce/2014/mfsa2014-76.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/70440	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1031028	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1031030	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2372-1	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2373-1	af854a3a-2127-422b-91ae-364da2661108	N/A
https://advisories.mageia.org/MGASA-2014-0421.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1012609	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.gentoo.org/glsa/201504-01	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1635.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1647.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/61387

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/61854

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/62021

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/62022

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/62023

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2014/dsa-3050

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2014/dsa-3061

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.mozilla.org/security/announce/2014/mfsa2014-76.html

Source: security@mozilla.org

Resource:

Vendor Advisory

Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/70440

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.securitytracker.com/id/1031028

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.securitytracker.com/id/1031030

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/USN-2372-1

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/USN-2373-1

Source: security@mozilla.org

Resource: N/A

Hyperlink: https://advisories.mageia.org/MGASA-2014-0421.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1012609

Source: security@mozilla.org

Resource: N/A

Hyperlink: https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html