CVE-2014-8637

CVE Database · CVE-2014-8637

CVE-2014-8637

· N/AModified

CVSS v3.1

N/A

EPSS

2.17%

Published

Jan 14, 2015

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

Weaknesses (CWE)

CWE-200

Affected Products (2)

mozilla · seamonkeyvulnerable

mozilla · firefoxvulnerable

References (20)

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html

http://secunia.com/advisories/62242