CVE Vulnerabilities

CVE-2014-1551

Published: Jul 23, 2014 | Modified: Jan 07, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 30.0
Firefox_esr Mozilla 24.0 24.0
Firefox_esr Mozilla 24.0.1 24.0.1
Firefox_esr Mozilla 24.0.2 24.0.2
Firefox_esr Mozilla 24.1.0 24.1.0
Firefox_esr Mozilla 24.1.1 24.1.1
Firefox_esr Mozilla 24.2 24.2
Firefox_esr Mozilla 24.3 24.3
Firefox_esr Mozilla 24.4 24.4
Firefox_esr Mozilla 24.5 24.5
Firefox_esr Mozilla 24.6 24.6
Thunderbird Mozilla * 24.6
Thunderbird Mozilla 24.0 24.0
Thunderbird Mozilla 24.0.1 24.0.1
Thunderbird Mozilla 24.1 24.1
Thunderbird Mozilla 24.1.1 24.1.1
Thunderbird Mozilla 24.2 24.2
Thunderbird Mozilla 24.3 24.3
Thunderbird Mozilla 24.4 24.4
Thunderbird Mozilla 24.5 24.5

References