Use-after-free Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey
CVE-2014-1592

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox Esr
Firefox
Seamonkey
Thunderbird
Vendor
CVE Published:
11 December 2014

What is CVE-2014-1592?

A use-after-free vulnerability exists in the nsHtml5TreeOperation function within xul.dll of Mozilla Firefox and its related products. This flaw can be exploited by remote attackers who craft a second root element during HTML5 document parsing, leading to the potential execution of arbitrary code. Affected versions include Mozilla Firefox prior to 34.0, Firefox ESR versions before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31. Users are encouraged to update to the latest versions to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/71398
vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201504-01
vendor-advisoryx_refsource_GENTOO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.