CVE-2014-1531: Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5…

CVE-2014-1531 [HIGH] CWE-416 GHSA-8fx2-5vw6-974x: Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.

CVE-2014-1518 [HIGH] thunderbird vulnerabilities thunderbird vulnerabilities Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1518) Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523) Abhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. If a user had enabled scripti

CVE-2014-1531 [HIGH] CVE-2014-1531: Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.

[HIGH] firefox vulnerabilities firefox vulnerabilities Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1518, CVE-2014-1519) An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1522) Abhishek Arya discovered an out of bounds re

CVE-2014-1518 [HIGH] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1518) Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523) Abhishek Arya discovered a buffer overflow when a script u

CVE-2014-1518 [HIGH] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website. Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1518, CVE-2014-1519) An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code

CVE-2014-1531 [HIGH] CWE-416 Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44) Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44) Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.

CVE-2014-1531 [HIGH] CVE-2014-1531 Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44) CVE-2014-1531 Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44) Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. External Reference: http://www.mozilla.org/security/announce/2014/mfsa2014-44.html Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter. Discussion: This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat En