Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-1525

Опубликовано: 29 апр. 2014
Источник: redhat
CVSS2: 6.8

Описание

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.

Отчет

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1095070Mozilla: Use-after-free in the Text Track Manager for HTML video (MFSA 2014-39)

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-1525

ubuntu
больше 11 лет назад

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.

nvd логотип

CVE-2014-1525

nvd
больше 11 лет назад

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.

debian логотип

CVE-2014-1525

debian
больше 11 лет назад

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before ...

github логотип

GHSA-22m9-g4cq-h743

github
около 3 лет назад

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.

fstec логотип

BDU:2015-00678

fstec
больше 11 лет назад

Уязвимость программного обеспечения SeaMonkey, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

6.8 Medium

CVSS2