CVE-2014-8637

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

Published: Jan 14, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-8637
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
mozilla / seamonkey	-	2.31.x
mozilla / firefox	-	34.0.5.x

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
http://secunia.com/advisories/62242
http://secunia.com/advisories/62250
http://secunia.com/advisories/62253
http://secunia.com/advisories/62316
http://secunia.com/advisories/62418
http://secunia.com/advisories/62446
http://secunia.com/advisories/62790
http://www.mozilla.org/security/announce/2014/mfsa2015-02.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/72048
http://www.securitytracker.com/id/1031533
https://bugzilla.mozilla.org/show_bug.cgi?id=1094536
https://exchange.xforce.ibmcloud.com/vulnerabilities/99957
https://security.gentoo.org/glsa/201504-01

Vulnerability Database

289,599

CVE-2014-8637