CVE-2014-1556

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.

Published: Jul 23, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1556
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
mozilla / firefox_esr	24.5	24.5.x
mozilla / firefox_esr	24.2	24.2.x
mozilla / thunderbird	24.0.1	24.0.1.x
mozilla / thunderbird	24.2	24.2.x
mozilla / firefox_esr	24.0	24.0.x
mozilla / firefox_esr	24.0.2	24.0.2.x
mozilla / firefox_esr	24.1.0	24.1.0.x
mozilla / thunderbird	-	24.6.x
mozilla / firefox_esr	24.4	24.4.x
mozilla / firefox	-	30.0.x
mozilla / thunderbird	24.5	24.5.x
mozilla / firefox_esr	24.3	24.3.x
mozilla / thunderbird	24.1	24.1.x
mozilla / thunderbird	24.1.1	24.1.1.x
mozilla / thunderbird	24.4	24.4.x
mozilla / firefox_esr	24.0.1	24.0.1.x
mozilla / thunderbird	24.3	24.3.x
mozilla / thunderbird	24.0	24.0.x
mozilla / firefox_esr	24.6	24.6.x
mozilla / firefox_esr	24.1.1	24.1.1.x

Vulnerability Database

291,049

CVE-2014-1556