LOW🇬🇧 English

CVE-2014-1595

CVSS 2.1v2.0pub. 2014-12-11upd. 2026-05-06

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information.

oryginał EN
CVSS Vector
AV:L/AC:L/Au:N/C:P/I:N/A:N
  • Apple Mac Os X

    OS
    Apple
    10.10.0
  • Mozilla Firefox

    APP
    Mozilla
    31.031.1.031.1.1≤ 33.0
  • Mozilla Firefox Esr

    APP
    Mozilla
    31.2
  • Mozilla Thunderbird

    APP
    Mozilla
    ≤ 31.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2021-1871CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2021-1870CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...