CVSS 9.8 · CRITICAL
CVE-2014-1493
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
View on NVDSeverity
Score: 9.8(CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE):
CWE-119EPSS
Probability of exploitation (next 30 days): 0.0147 (1.5%)
Percentile: 81.0%
EPSS: 2026-05-06
Affects
mozilla:firefoxmozilla:seamonkeymozilla:thunderbirdcanonical:ubuntu_linuxdebian:debian_linuxredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationsuse:suse_linux_enterprise_software_development_kitopensuse:opensusesuse:suse_linux_enterprise_desktopsuse:suse_linux_enterprise_serverTechnical description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Published: 3/19/2014, 10:55:06 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2014-0310.html
- http://rhn.redhat.com/errata/RHSA-2014-0316.html
- http://www.debian.org/security/2014/dsa-2881
- http://www.debian.org/security/2014/dsa-2911