Unrated severityNVD Advisory· Published Sep 3, 2014· Updated May 6, 2026
CVE-2014-1563
CVE-2014-1563
Description
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.
Affected products
8- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=31.1.0
- cpe:2.3:a:mozilla:firefox:30.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:31.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-09/msg00011.htmlnvdThird Party Advisory
- www.mozilla.org/security/announce/2014/mfsa2014-68.htmlnvdVendor Advisory
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlnvd
- secunia.com/advisories/60148nvd
- secunia.com/advisories/61114nvd
- www.securityfocus.com/bid/69523nvd
- www.securitytracker.com/id/1030793nvd
- www.securitytracker.com/id/1030794nvd
- security.gentoo.org/glsa/201504-01nvd
News mentions
0No linked articles in our index yet.