Sign-up

ID

VAR-201405-0238


CVE

CVE-2014-1344


TITLE

Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-002616

DESCRIPTION

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.4.9 >= 2.4.9 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebKitGTK+ 3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3" All WebKitGTK+ 2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.9-r200:2" References ========== [ 1 ] CVE-2014-1344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344 [ 2 ] CVE-2014-1384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384 [ 3 ] CVE-2014-1385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385 [ 4 ] CVE-2014-1386 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386 [ 5 ] CVE-2014-1387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387 [ 6 ] CVE-2014-1388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388 [ 7 ] CVE-2014-1389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389 [ 8 ] CVE-2014-1390 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201601-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4 Safari 6.1.4 and Safari 7.0.4 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1324 : Google Chrome Security Team CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1344 : Ian Beer of Google Project Zero CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.4 is available via the Apple Software Update application. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTe6ELAAoJEBcWfLTuOo7tonoP/igNIR7SZEkRvtHHjHIqR2U5 a28aYgzjkALSYDppREpWPMIovnYKZAONabRMJ0r/3LFyl4juBSOsVyBCbUBg8Fpp GFCsc7x0jva8g1DtPtk/B299GXPBi8fOhEwUIilgTo0+y7ExrgA9wUjCdlWHwPQs Edbra42Q+52KU+NxWjyeJiPkBIy57p5P0XVnnS3tIxRLHxRed9O8GoNUHcwLhihd dV5NOBEUvW5Gy2yEhJLZIa64aPOPG3Rz7EA/0zCRiiusLyIGVdyTaOnL4AlHrgh8 BiiAgx3xFUqYiBqCnxAO3gy3CRWhmKukesDKIPmaV27E0cFQ+FkI990oCh8ZSCZg hi4q5j34mp44Uhr0O068hQyPaA70GAiUVgT/pB7fVS9Z9U0EOPhIvn1IybROP/44 ces9VWOzx9pjzR7OxRmk05mRijnlIQHNzSJp3/DpREDX1DvJxD2vfk8cYFPdweNR VPFs3acbgOMCpjPLGM3S5HdY/a2UWxolvwR13AnCQ0mFkiD6FsO3z2sgtHdnMkNi XNW7RMf/7+JesXcNiXYde5iDqE15OPTSWuiYNUHCz9WvSlJmOOSDAZ7F3YBWr+FR tMEB/TGWZiQmacNiGkY1F4YgF5SqeAHGYeJ2amSycO90+vTU+FLWPCiTWesmu1tG n/lA21kfHgTURqYVT+xA =kSr/ -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2014-1344 // JVNDB: JVNDB-2014-002616 // BID: 67553 // VULHUB: VHN-69283 // PACKETSTORM: 135409 // PACKETSTORM: 126780

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:6.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:7.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.1.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.0.5

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.0.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.0.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.1.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:7.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:7.0.2

Trust: 1.0

vendor:applemodel:safariscope:lteversion:6.1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:7.0.1

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:(windows)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:7.0.4

Trust: 0.8

vendor:applemodel:safariscope:ltversion:7.x (os x mavericks v10.9.3)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:6.1.4

Trust: 0.8

vendor:applemodel:safariscope:ltversion:(os x mountain lion v10.8.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:7.x (os x lion v10.7.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:7.x (os x mountain lion v10.8.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:(os x mavericks v10.9.3)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:7.x (os x lion server v10.7.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:(os x lion server v10.7.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:(os x lion v10.7.5)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:12.0.1

Trust: 0.8

vendor:applemodel:safariscope:eqversion:6.1.3

Trust: 0.6

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:2

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2-1

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:esignalmodel:esignalscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.2.72

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:2.1

Trust: 0.3

sources: BID: 67553 // JVNDB: JVNDB-2014-002616 // CNNVD: CNNVD-201405-450 // NVD: CVE-2014-1344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1344
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1344
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-450
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69283
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1344
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69283
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69283 // JVNDB: JVNDB-2014-002616 // CNNVD: CNNVD-201405-450 // NVD: CVE-2014-1344

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-69283 // JVNDB: JVNDB-2014-002616 // NVD: CVE-2014-1344

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 135409 // CNNVD: CNNVD-201405-450

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-450

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002616

PATCH
title:HT6537url:http://support.apple.com/en-eu/HT6537
Trust: 0.8
title:HT6254url:http://support.apple.com/kb/HT6254
Trust: 0.8
title:HT6254url:http://support.apple.com/kb/HT6254?viewlocale=ja_JP
Trust: 0.8
title:HT6537url:http://support.apple.com/ja-jp/HT6537
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002616

EXTERNAL IDS
db:NVDid:CVE-2014-1344
Trust: 3.0
db:BIDid:67553
Trust: 1.4
db:JVNid:JVNVU98457223
Trust: 0.8
db:JVNid:JVNVU97537282
Trust: 0.8
db:JVNDBid:JVNDB-2014-002616
Trust: 0.8
db:CNNVDid:CNNVD-201405-450
Trust: 0.7
db:APPLEid:APPLE-SA-2014-05-21-1
Trust: 0.6
db:PACKETSTORMid:135409
Trust: 0.2
db:VULHUBid:VHN-69283
Trust: 0.1
db:PACKETSTORMid:126780
Trust: 0.1
sources:
            
            
            VULHUB: VHN-69283 // 
            
            
            
            BID: 67553 // 
            
            
            
            JVNDB: JVNDB-2014-002616 // 
            
            
            
            PACKETSTORM: 135409 // 
            
            
            
            PACKETSTORM: 126780 // 
            
            
            
            CNNVD: CNNVD-201405-450 // 
            
            
            
            NVD: CVE-2014-1344

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html
Trust: 2.5
url:http://support.apple.com/kb/ht6254
Trust: 1.7
url:https://security.gentoo.org/glsa/201601-02
Trust: 1.2
url:http://www.securityfocus.com/bid/67553
Trust: 1.1
url:https://support.apple.com/kb/ht6537
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1344
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98457223/
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97537282/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=2014-1344
Trust: 0.8
url:http://www.apple.com/safari/download/
Trust: 0.3
url:http://www.webkit.org/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2014-1344
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2014-1388
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1384
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1387
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1389
Trust: 0.1
url:https://security.gentoo.org/
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1385
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1344
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1388
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1389
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1386
Trust: 0.1
url:http://creativecommons.org/licenses/by-sa/2.5
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1385
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1390
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1390
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1386
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1384
Trust: 0.1
url:https://bugs.gentoo.org.
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1387
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1334
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1337
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1336
Trust: 0.1
url:http://support.apple.com/kb/ht1222
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1326
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1343
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1331
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1338
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1335
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1323
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-2927
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1342
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1333
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1339
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1731
Trust: 0.1
url:http://gpgtools.org
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1327
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-2875
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1329
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1346
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1324
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1341
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1330
Trust: 0.1
sources:
            
            
            VULHUB: VHN-69283 // 
            
            
            
            BID: 67553 // 
            
            
            
            JVNDB: JVNDB-2014-002616 // 
            
            
            
            PACKETSTORM: 135409 // 
            
            
            
            PACKETSTORM: 126780 // 
            
            
            
            CNNVD: CNNVD-201405-450 // 
            
            
            
            NVD: CVE-2014-1344

CREDITS
banty, Google Chrome Security Team, Apple, cloudfuzzer, Atte Kettunen of OUSPG, and Ian Beer of Google Project Zero
Trust: 0.3
sources:
            
            
            BID: 67553

SOURCES
db:VULHUBid:VHN-69283
db:BIDid:67553
db:JVNDBid:JVNDB-2014-002616
db:PACKETSTORMid:135409
db:PACKETSTORMid:126780
db:CNNVDid:CNNVD-201405-450
db:NVDid:CVE-2014-1344

LAST UPDATE DATE
2025-04-13T22:07:39.440000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-69283date:2016-12-08T00:00:00
db:BIDid:67553date:2016-02-11T07:46:00
db:JVNDBid:JVNDB-2014-002616date:2014-11-20T00:00:00
db:CNNVDid:CNNVD-201405-450date:2014-07-17T00:00:00
db:NVDid:CVE-2014-1344date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-69283date:2014-05-22T00:00:00
db:BIDid:67553date:2014-05-21T00:00:00
db:JVNDBid:JVNDB-2014-002616date:2014-05-26T00:00:00
db:PACKETSTORMid:135409date:2016-01-27T17:28:13
db:PACKETSTORMid:126780date:2014-05-22T20:22:22
db:CNNVDid:CNNVD-201405-450date:2014-05-26T00:00:00
db:NVDid:CVE-2014-1344date:2014-05-22T19:55:07.983