Unrated severityNVD Advisory· Published Dec 11, 2014· Updated May 6, 2026

CVE-2014-1594

Description

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <=31.2
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <=2.30
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <=31.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/announce/2014/mfsa2014-89.htmlnvdVendor Advisory
lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.htmlnvd
www.debian.org/security/2014/dsa-3090nvd
www.debian.org/security/2014/dsa-3092nvd
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvd
www.securityfocus.com/bid/71396nvd
bugzilla.mozilla.org/show_bug.cginvd
security.gentoo.org/glsa/201504-01nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000