CVE-2014-8637

medium

Description

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

References

https://security.gentoo.org/glsa/201504-01

https://exchange.xforce.ibmcloud.com/vulnerabilities/99957

https://bugzilla.mozilla.org/show_bug.cgi?id=1094536

http://www.securitytracker.com/id/1031533

http://www.securityfocus.com/bid/72048

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.mozilla.org/security/announce/2014/mfsa2015-02.html

http://secunia.com/advisories/62790

http://secunia.com/advisories/62446

http://secunia.com/advisories/62418

http://secunia.com/advisories/62316

http://secunia.com/advisories/62253

http://secunia.com/advisories/62250

http://secunia.com/advisories/62242

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html

Details

Source: Mitre, NVD

Published: 2015-01-14

Updated: 2017-09-08

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: Medium