VulnerableCode Package Details - pkg:mozilla/Firefox@34.0.0

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4vhr-24e3-d3d2	security update	CVE-2014-1593
VCID-5xuq-n3bu-1bbb	Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X from versions 10.6 through 10.9, the CoreGraphics had this logging ability but it was turned off by default. In OS X 10.10, this logging was turned on by default for some applications that use a custom memory allocator, such as jemalloc, because of an initialization bug in the framework. This issue has been addressed in Mozilla products by explicitly turning off the framework's logging of input events. On vulnerable systems, this issue can result in private data such as usernames, passwords, and other inputted data being saved to a log file on the local system. This issue does not affect OS X users prior to 10.10. Users on OS X 10.10 should go to their /tmp folder and delete any files with names beginning with "CGLog_" followed by the name of a Mozilla product, such as "CGLog_firefox".	CVE-2014-1595
VCID-63hm-xmht-g3cp	security update	CVE-2014-1592
VCID-8s1b-yh8y-cbdk	security update	CVE-2014-1587
VCID-e1ef-b4f7-7yd8	security update	CVE-2014-1594
VCID-f7my-dd2c-mfex	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code.	CVE-2014-1589
VCID-pnba-jmy3-2yfa	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code.	CVE-2014-8632
VCID-qpzb-b3nx-m3cv	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code.	CVE-2014-1591
VCID-vhpz-366r-hbg1	security update	CVE-2014-1590

Vulnerability

Summary

Aliases

VCID-4vhr-24e3-d3d2

security update

CVE-2014-1593

VCID-5xuq-n3bu-1bbb

Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X from versions 10.6 through 10.9, the CoreGraphics had this logging ability but it was turned off by default. In OS X 10.10, this logging was turned on by default for some applications that use a custom memory allocator, such as jemalloc, because of an initialization bug in the framework. This issue has been addressed in Mozilla products by explicitly turning off the framework's logging of input events. On vulnerable systems, this issue can result in private data such as usernames, passwords, and other inputted data being saved to a log file on the local system. This issue does not affect OS X users prior to 10.10. Users on OS X 10.10 should go to their /tmp folder and delete any files with names beginning with "CGLog_" followed by the name of a Mozilla product, such as "CGLog_firefox".

CVE-2014-1595

VCID-63hm-xmht-g3cp

security update

CVE-2014-1592

VCID-8s1b-yh8y-cbdk

security update

CVE-2014-1587

VCID-e1ef-b4f7-7yd8

security update

CVE-2014-1594

VCID-f7my-dd2c-mfex

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code.

CVE-2014-1589

VCID-pnba-jmy3-2yfa

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code.

CVE-2014-8632

VCID-qpzb-b3nx-m3cv

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code.

CVE-2014-1591

VCID-vhpz-366r-hbg1

security update

CVE-2014-1590

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:18:17.137504+00:00	Mozilla Importer	Fixing	VCID-f7my-dd2c-mfex	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-84.md	38.0.0
2026-04-01T13:18:16.854171+00:00	Mozilla Importer	Fixing	VCID-8s1b-yh8y-cbdk	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-83.md	38.0.0
2026-04-01T13:18:16.406384+00:00	Mozilla Importer	Fixing	VCID-qpzb-b3nx-m3cv	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-86.md	38.0.0
2026-04-01T13:18:15.646460+00:00	Mozilla Importer	Fixing	VCID-4vhr-24e3-d3d2	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-88.md	38.0.0
2026-04-01T13:18:14.386129+00:00	Mozilla Importer	Fixing	VCID-63hm-xmht-g3cp	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-87.md	38.0.0
2026-04-01T13:18:14.249782+00:00	Mozilla Importer	Fixing	VCID-e1ef-b4f7-7yd8	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-89.md	38.0.0
2026-04-01T13:18:13.924200+00:00	Mozilla Importer	Fixing	VCID-pnba-jmy3-2yfa	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-91.md	38.0.0
2026-04-01T13:18:12.295537+00:00	Mozilla Importer	Fixing	VCID-vhpz-366r-hbg1	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-85.md	38.0.0
2026-04-01T13:18:11.329155+00:00	Mozilla Importer	Fixing	VCID-5xuq-n3bu-1bbb	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-90.md	38.0.0