CVE-2014-1592

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox Esr; Firefox; Seamonkey; Thunderbird
Vendor: CVE Published:; 11 December 2014

Summary

Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

http://www.securityfocus.com/bid/71398

vdb-entryx_refsource_BID

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Jan 16, 2014