Fluid Attacks Database

Description

Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	xulrunner	<0:24.7.0-1.el7_0	0:24.7.0-1.el7_0
rpm rhel5	thunderbird	<0:24.7.0-1.el5_10	0:24.7.0-1.el5_10
rpm rhel6	thunderbird	<0:24.7.0-1.el6_5	0:24.7.0-1.el6_5
rpm rhel7	firefox	<0:24.7.0-1.el7_0	0:24.7.0-1.el7_0
rpm rhel5	firefox	<0:24.7.0-1.el5_10	0:24.7.0-1.el5_10
rpm rhel6	firefox	<0:24.7.0-1.el6_5	0:24.7.0-1.el6_5

Aliases

1. CVE-2014-15552. NVD-2014-15553. OSV-2014-1555

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.