VulnerableCode Vulnerability Details - VCID-4ymv-58y7-kybh

Search for vulnerabilities

Vulnerability details: VCID-4ymv-58y7-kybh

Essentials
Severities (17)
References (10)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4ymv-58y7-kybh
Aliases	CVE-2014-1592
Summary	Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

System	Score	Found at
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
epss	0.01768	https://api.first.org/data/v1/epss?cve=CVE-2014-1592
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2014-87

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1592.json
		https://api.first.org/data/v1/epss?cve=CVE-2014-1592
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
1169208		https://bugzilla.redhat.com/show_bug.cgi?id=1169208
CVE-2014-1592		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
mfsa2014-87		https://www.mozilla.org/en-US/security/advisories/mfsa2014-87
RHSA-2014:1919		https://access.redhat.com/errata/RHSA-2014:1919
RHSA-2014:1924		https://access.redhat.com/errata/RHSA-2014:1924
USN-2424-1		https://usn.ubuntu.com/2424-1/
USN-2428-1		https://usn.ubuntu.com/2428-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.81855
EPSS Score	0.01768
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:10:44.928528+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-87.md	37.0.0