CVE-2014-1564 — MEDIUM (4.3)

Q: How severe is CVE-2014-1564?

CVE-2014-1564 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1564?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Evergreen, Opensuse Opensuse, Mozilla Firefox, Mozilla Thunderbird.

Vulnerability Description

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Opensuse	Evergreen	11.4
Opensuse	Opensuse	12.3
Mozilla	Firefox	<= 31.1.0
Mozilla	Thunderbird	31.0

Related Weaknesses (CWE)

CWE-824

References

FAQ

What is CVE-2014-1564?

CVE-2014-1564 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive infor...

How severe is CVE-2014-1564?

CVE-2014-1564 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1564?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Evergreen, Opensuse Opensuse, Mozilla Firefox, Mozilla Thunderbird.