Search for vulnerabilities
Vulnerability details: VCID-4ymv-58y7-kybh
Vulnerability ID VCID-4ymv-58y7-kybh
Aliases CVE-2014-1592
Summary Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss 0.01768 https://api.first.org/data/v1/epss?cve=CVE-2014-1592
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2014-87
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1592.json
https://api.first.org/data/v1/epss?cve=CVE-2014-1592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
1169208 https://bugzilla.redhat.com/show_bug.cgi?id=1169208
CVE-2014-1592 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
mfsa2014-87 https://www.mozilla.org/en-US/security/advisories/mfsa2014-87
RHSA-2014:1919 https://access.redhat.com/errata/RHSA-2014:1919
RHSA-2014:1924 https://access.redhat.com/errata/RHSA-2014:1924
USN-2424-1 https://usn.ubuntu.com/2424-1/
USN-2428-1 https://usn.ubuntu.com/2428-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.81855
EPSS Score 0.01768
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:44.928528+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-87.md 37.0.0