CVE-2014-8640CVE-2014-8640

Affected configuration(s):

cpe:/a:mozilla:firefox:34.0.5
cpe:/a:mozilla:seamonkey:2.31
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2

Date published: 2015-01-14T06:59:08.697-05:00

Date last modified: 2017-09-07T21:29:26.310-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html

Summary: The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.