CVE-2014-1525

CVSS v2.0 9.3 (High)

EPSS 1.83 % (89^th)

Affected Products 5

Advisories 3

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.

Weaknesses

CWE-416: Use After Free
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2014-04-30 10:49:04
(10 years ago)
Updated Date: 2020-08-14 17:47:53
(4 years ago)

Affected Products

Canonical

Ubuntu Linux

Fedoraproject

Fedora

Mozilla

Opensuse

Opensuse

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox prior 29.0 version	cpe:2.3:a:mozilla:firefox		< 29.0
	Mozilla Seamonkey prior 2.26 version	cpe:2.3:a:mozilla:seamonkey		< 2.26

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:esm
	Canonical Ubuntu Linux 12.10	cpe:2.3:o:canonical:ubuntu_linux:12.10
	Canonical Ubuntu Linux 13.10	cpe:2.3:o:canonical:ubuntu_linux:13.10
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm

Configuration #3

		CPE23	From	Up To
	Opensuse 12.3	cpe:2.3:o:opensuse:opensuse:12.3
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1

Configuration #4

		CPE23	From	Up To
	Fedoraproject Fedora 19	cpe:2.3:o:fedoraproject:fedora:19