CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.

Published: Jul 23, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1551
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	30.0.x
mozilla / firefox_esr	24.0	24.0.x
mozilla / firefox_esr	24.0.1	24.0.1.x
mozilla / firefox_esr	24.0.2	24.0.2.x
mozilla / firefox_esr	24.1.0	24.1.0.x
mozilla / firefox_esr	24.1.1	24.1.1.x
mozilla / firefox_esr	24.2	24.2.x
mozilla / firefox_esr	24.3	24.3.x
mozilla / firefox_esr	24.4	24.4.x
mozilla / firefox_esr	24.5	24.5.x
mozilla / firefox_esr	24.6	24.6.x
mozilla / thunderbird	-	24.6.x
mozilla / thunderbird	24.0	24.0.x
mozilla / thunderbird	24.0.1	24.0.1.x
mozilla / thunderbird	24.1	24.1.x
mozilla / thunderbird	24.1.1	24.1.1.x
mozilla / thunderbird	24.2	24.2.x
mozilla / thunderbird	24.3	24.3.x
mozilla / thunderbird	24.4	24.4.x
mozilla / thunderbird	24.5	24.5.x

Vulnerability Database

291,049

CVE-2014-1551