Use-after-free Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey
CVE-2014-1592

Currently unrated

Key Information:

Vendor
Mozilla
Status
Firefox Esr
Firefox
Seamonkey
Thunderbird
Vendor
CVE Published:
11 December 2014

Summary

A use-after-free vulnerability exists in the nsHtml5TreeOperation function within xul.dll of Mozilla Firefox and its related products. This flaw can be exploited by remote attackers who craft a second root element during HTML5 document parsing, leading to the potential execution of arbitrary code. Affected versions include Mozilla Firefox prior to 34.0, Firefox ESR versions before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31. Users are encouraged to update to the latest versions to mitigate this risk.

References

http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/71398
vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201504-01
vendor-advisoryx_refsource_GENTOO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-1592 : Use-after-free Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey | SecurityVulnerability.io