What is CVE-2014-1509?

CVE-2014-1509 is a high-severity vulnerability in Mozilla Firefox, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 8.8/10. Published 2014-03-19.

How severe is CVE-2014-1509?

High severity. CVSS v3 base score is 8.8 out of 10.

Buffer overflow in Mozilla Firefox

CVE-2014-1509

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary…

Vulnerability class: Buffer Overflow

EPSS: 0.008 (74.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Canonical Ubuntu_linux — versions 12.04, 12.10, 13.10
Opensuse — versions 11.4, 12.3, 13.1
Redhat Enterprise_linux_desktop — versions 5.0, 6.0
Redhat Enterprise_linux_eus — versions 6.5
Redhat Enterprise_linux_server — versions 5.0, 6.0
Redhat Enterprise_linux_server_aus — versions 6.5
Redhat Enterprise_linux_server_eus — versions 6.5

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

66425 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
RHSA-2014:0310 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
GLSA-201504-01 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
SUSE-SU-2014:0418 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
USN-2151-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
security@mozilla.org (x_refsource_CONFIRM, Exploit, Issue Tracking, Vendor Advisory)
openSUSE-SU-2014:0419 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
RHSA-2014:0316 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2014-1509?: CVE-2014-1509 is a high-severity vulnerability in Mozilla Firefox, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 8.8/10. Published 2014-03-19.
How severe is CVE-2014-1509?: High severity. CVSS v3 base score is 8.8 out of 10.