Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2014-12-11 03:59
Updated : 2016-10-03 19:01
NVD link : CVE-2014-1595
Mitre link : CVE-2014-1595
JSON object : View
CWE
CWE-199
Information Management Errors
Products Affected
apple
- mac_os_x
mozilla
- firefox_esr
- firefox
- thunderbird