Critical severity9.8NVD Advisory· Published Feb 6, 2014· Updated Apr 29, 2026
CVE-2014-1486
CVE-2014-1486
Description
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
Affected products
22- cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*+ 1 more
- cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
33- lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.htmlnvdMailing ListThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-0132.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-0133.htmlnvdThird Party Advisory
- www.debian.org/security/2014/dsa-2858nvdThird Party Advisory
- www.mozilla.org/security/announce/2014/mfsa2014-08.htmlnvdVendor Advisory
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/65334nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1029717nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1029720nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1029721nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2102-1nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2102-2nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2119-1nvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/90890nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201504-01nvdThird Party Advisory
- download.novell.com/DownloadnvdBroken Link
- download.novell.com/DownloadnvdBroken Link
- osvdb.org/102872nvdBroken Link
- secunia.com/advisories/56706nvdBroken Link
- secunia.com/advisories/56761nvdBroken Link
- secunia.com/advisories/56763nvdBroken Link
- secunia.com/advisories/56767nvdBroken Link
- secunia.com/advisories/56787nvdBroken Link
- secunia.com/advisories/56858nvdBroken Link
- secunia.com/advisories/56888nvdBroken Link
- secunia.com/advisories/56922nvdBroken Link
- 8pecxstudios.comnvdBroken LinkURL Repurposed
News mentions
0No linked articles in our index yet.