Memory Corruption Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2014-1525
Currently unrated
What is CVE-2014-1525?
A vulnerability exists in the mozilla::dom::TextTrack::AddCue function in Mozilla Firefox (prior to version 29.0) and SeaMonkey (prior to version 2.26). This flaw is related to improper garbage collection practices affecting Text Track Manager variables, allowing remote attackers to exploit this vulnerability by crafting a VIDEO element within an HTML document. Successful exploitation may lead to the execution of arbitrary code or result in a denial of service due to heap memory corruption.