CVE-2014-1525

CWE-416 — Use After Free CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

9.3CRITICAL

EPSS

1.9%

top 16.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Canonical Ubuntu Linux +2 more

Timeline

PublishedApr 30

Latest updateMay 13

Description

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox< 29.0

▶NVDmozilla/seamonkey< 2.26

▶Ubuntufirefox< 29.0+build1-0ubuntu0.14.04.2

▶NVDopensuse/opensuse12.3, 13.1+1

Also affects: Fedora 19, Ubuntu Linux 12.04, 12.10, 13.10, 14.04

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-22m9-g4cq-h743: The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29↗2022-05-13

▶

CVEList

CVE-2014-1525: The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29↗2014-04-30

▶

OSV

CVE-2014-1525: The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29↗2014-04-29

▶

📋Vendor Advisories

Red Hat

Mozilla: Use-after-free in the Text Track Manager for HTML video (MFSA 2014-39)↗2014-04-29

▶

Ubuntu

Firefox vulnerabilities↗2014-04-29

▶

💬Community

Bugzilla

CVE-2014-1525 Mozilla: Use-after-free in the Text Track Manager for HTML video (MFSA 2014-39)↗2014-05-07

▶