Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-pp1a-v6rw-a3g3
Vulnerability ID VCID-pp1a-v6rw-a3g3
Aliases CVE-2014-1528
Summary Security researcher Jukka Jylänki reported a crash in the the Cairo graphics library. This happens when Cairo paints out-of-bounds to the destination buffer in the compositing function when working with canvas in certain circumstances. This issue allows malicious web content to cause a potentially exploitable crash. This issue only affects Firefox 28 and Seamonkey 2.25 on Windows. Earlier versions of both products and installations on Linux and OS X were unaffected
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.0126 https://api.first.org/data/v1/epss?cve=CVE-2014-1528
epss 0.0126 https://api.first.org/data/v1/epss?cve=CVE-2014-1528
epss 0.0126 https://api.first.org/data/v1/epss?cve=CVE-2014-1528
epss 0.0126 https://api.first.org/data/v1/epss?cve=CVE-2014-1528
epss 0.0126 https://api.first.org/data/v1/epss?cve=CVE-2014-1528
epss 0.0126 https://api.first.org/data/v1/epss?cve=CVE-2014-1528
epss 0.0126 https://api.first.org/data/v1/epss?cve=CVE-2014-1528
epss 0.0126 https://api.first.org/data/v1/epss?cve=CVE-2014-1528
epss 0.0126 https://api.first.org/data/v1/epss?cve=CVE-2014-1528
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2014-41
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1528.json
https://api.first.org/data/v1/epss?cve=CVE-2014-1528
1096585 https://bugzilla.redhat.com/show_bug.cgi?id=1096585
CVE-2014-1528 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1528
mfsa2014-41 https://www.mozilla.org/en-US/security/advisories/mfsa2014-41
USN-2185-1 https://usn.ubuntu.com/2185-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.79365
EPSS Score 0.0126
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:18:14.725436+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2014/mfsa2014-41.md 38.0.0