Memory Corruption Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2014-1525

Currently unrated

Key Information:

Vendor

Mozilla

Vendor
CVE Published:
30 April 2014

What is CVE-2014-1525?

A vulnerability exists in the mozilla::dom::TextTrack::AddCue function in Mozilla Firefox (prior to version 29.0) and SeaMonkey (prior to version 2.26). This flaw is related to improper garbage collection practices affecting Text Track Manager variables, allowing remote attackers to exploit this vulnerability by crafting a VIDEO element within an HTML document. Successful exploitation may lead to the execution of arbitrary code or result in a denial of service due to heap memory corruption.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.