CVE-2014-1595

{"id": "CVE-2014-1595", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-11T11:59:09.243", "references": [{"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html", "source": "security@mozilla.org"}, {"url": "http://support.apple.com/HT204244", "source": "security@mozilla.org"}, {"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-90.html", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "source": "security@mozilla.org"}, {"url": "http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/", "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1092855", "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-199"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information."}, {"lang": "es", "value": "Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, y Thunderbird anterior a 31.3 en Apple OS X 10.10 omiten una acci\u00f3n del registro de la deshabilitaci\u00f3n de CoreGraphics que es necesario para las aplicaciones basadas en jemalloc, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de ficheros /tmp, tal y como fue demostrado por la informaci\u00f3n de credenciales."}], "lastModified": "2024-10-21T13:55:03.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22"}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11"}, {"criteria": "cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84E8D7C7-B578-4623-9EA2-D13965DBE1F3"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DCA6959-24B7-4F86-BE25-0A8A7C1A3D13"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8A2286E-9D1C-4B56-8B40-150201B818AF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9806D62C-E276-47AB-8675-8A3952D14B21", "versionEndIncluding": "31.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8A2286E-9D1C-4B56-8B40-150201B818AF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A24FFC6-737A-4EA6-88EB-5A80DC2DC8D6", "versionEndIncluding": "33.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8A2286E-9D1C-4B56-8B40-150201B818AF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@mozilla.org"}