Release Date: | 2014-10-14 | |
Impact: | Moderate | What is this? |
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.
See more information about CVE-2014-1576 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
Base Score: | 5.1 |
Vector String: | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Version: | 2.0 |
Attack Vector: | Network |
Attack Complexity: | High |
Authentication: | None |
Confidentiality Impact: | Partial |
Integrity Impact: | Partial |
Availability Impact: | Partial |
Platform | Errata | Release Date |
Oracle Linux version 5 (firefox) | ELSA-2014-1635 | 2014-10-15 |
Oracle Linux version 6 (firefox) | ELSA-2014-1635 | 2014-10-15 |
Oracle Linux version 7 (firefox) | ELSA-2014-1635 | 2014-10-15 |
Oracle Linux version 7 (xulrunner) | ELSA-2014-1635 | 2014-10-15 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: