[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2014-0518":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":34,"duplicates":35,"related":36,"reserved_at":9,"published_at":47,"modified_at":48,"state":9,"summary":49,"references_raw":51,"kevs":99,"epss":9,"epss_history":100,"metrics":101,"affected":102},"MGASA-2014-0518","Updated iceape package fixes security vulnerabilities\n\nWhen the oxygen-gtk was active and iceape tried to draw a menu (for \nexample after a mouse down event on the menu bar), a segmentation \nfault was triggered causing iceape to crash. The oxygen-gtk theme \nengine contains a solution for this problem, this is now enabled for \niceape. (MGA #12978)\n\nMozilla developers and community identified and fixed several memory \nsafety bugs in the browser engine used in Firefox and other \nMozilla-based products. Some of these bugs showed evidence of memory \ncorruption under certain circumstances, and we presume that with \nenough effort at least some of these could be exploited to run \narbitrary code. (CVE-2014-1587, CVE-2014-1588)\n\nA method was found to trigger chrome level XML Binding Language (XBL) \nbindings through web content. This was possible because some chrome \naccessible CSS stylesheets had their primary namespace improperly \ndeclared. When this occurred, it was possible to use these stylesheets \nto manipulate XBL bindings, allowing web content to bypass security \nrestrictions. This issue was limited to a specific set of stylesheets. \n(CVE-2014-1589)\n\nIn Iceape (seamonkey) before version 2.31, passing a JavaScript object \nto XMLHttpRequest that mimics an input stream will result in a crash. \nThis crash is not exploitable and can only be used for denial of \nservice attacks. (CVE-2014-1590)\n\nContent Security Policy (CSP) violation reports triggered by a \nredirect did not remove path information as required by the CSP \nspecification in Iceape (seamonkey) 2.30. This potentially reveals \ninformation about the redirect that would not otherwise be known to \nthe original site. This could be used by a malicious site to obtain \nsensitive information such as usernames or single-sign-on tokens \nencoded within the target URLs. (CVE-2014-1591)\n\nIn Iceape (seamonkey) before version 2.31, a use-after-free could be \ncreated by triggering the creation of a second root element while \nparsing HTML written to a document created with document.open(). This \nleads to a potentially exploitable crash. (CVE-2014-1592)\n\nA buffer overflow during the parsing of media content was found using \nthe Address Sanitizer tool. This leads to a potentially exploitable \ncrash. (CVE-2014-1593)\n\nA bad casting from the BasicThebesLayer to BasicContainerLayer \nresulted in undefined behavior. This behavior is potentially \nexploitable with some compilers but no clear mechanism to trigger it \nthrough web content was identified. (CVE-2014-1594)\n\nWhen chrome objects are protected by Chrome Object Wrappers (COW) and \nare passed as native interfaces, if this is done with some methods, \nnormally protected objects may be accessible to native methods exposed \nto web content. (CVE-2014-8631)\n\nWhen XrayWrappers filter object properties and validation of the \nobject initially occurs, one set of object properties will appear to \nbe available. Later, when the XrayWrappers are removed, a more \nexpansive set of properties is available. These are then stored \nwithout further validation, making these properties available and \nbypassing security protections that would normally protect them from \naccess. (CVE-2014-8632)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32],{"_key":15},"CVE-2014-1587",{"_key":17},"CVE-2014-1588",{"_key":19},"CVE-2014-1589",{"_key":21},"CVE-2014-1590",{"_key":23},"CVE-2014-1591",{"_key":25},"CVE-2014-1592",{"_key":27},"CVE-2014-1593",{"_key":29},"CVE-2014-1594",{"_key":31},"CVE-2014-8631",{"_key":33},"CVE-2014-8632",[],[],[37,38,39,40,41,42,43,44,45,46],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},"2014-12-09T20:12:41Z","2026-04-16T06:25:07.569420291Z",{"cisa_kev":50,"cisa_ransomware":50,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[52,58,63,67,71,75,79,83,87,91,95],{"url":53,"sources":54,"tags":56},"https://advisories.mageia.org/MGASA-2014-0518.html",[55],"osv_mageia",[57],"Advisory",{"url":59,"sources":60,"tags":61},"https://bugs.mageia.org/show_bug.cgi?id=14733",[55],[62],"REPORT",{"url":64,"sources":65,"tags":66},"https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/",[55],[62,57],{"url":68,"sources":69,"tags":70},"https://www.mozilla.org/en-US/security/advisories/mfsa2014-84/",[55],[62,57],{"url":72,"sources":73,"tags":74},"https://www.mozilla.org/en-US/security/advisories/mfsa2014-85/",[55],[62,57],{"url":76,"sources":77,"tags":78},"https://www.mozilla.org/en-US/security/advisories/mfsa2014-86/",[55],[62,57],{"url":80,"sources":81,"tags":82},"https://www.mozilla.org/en-US/security/advisories/mfsa2014-87/",[55],[62,57],{"url":84,"sources":85,"tags":86},"https://www.mozilla.org/en-US/security/advisories/mfsa2014-88/",[55],[62,57],{"url":88,"sources":89,"tags":90},"https://www.mozilla.org/en-US/security/advisories/mfsa2014-89/",[55],[62,57],{"url":92,"sources":93,"tags":94},"https://www.mozilla.org/en-US/security/advisories/mfsa2014-91/",[55],[62,57],{"url":96,"sources":97,"tags":98},"https://bugs.mageia.org/show_bug.cgi?id=12978",[55],[62],[],[],[],[103],{"ecosystem":104,"name":105,"vendor":106,"product":105,"cpe_part":9,"purl_type":107,"purl_namespace":106,"purl_name":105,"source":9,"versions":108},"Mageia","iceape","mageia","rpm",[109],{"version":110,"is_range":111,"range_type":112,"version_start":9,"version_start_type":9,"version_end":113,"version_end_type":114,"fixed_in":9},"lt2_31_3_mga4",true,"ecosystem","2.31-3.mga4","excluding"]