CVE-2014-1524

Priority
Medium
Description
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox
before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and
SeaMonkey before 2.26 does not properly check whether objects are XBL
objects, which allows remote attackers to execute arbitrary code or cause a
denial of service (buffer overflow) via crafted JavaScript code that
accesses a non-XBL object as if it were an XBL object.
Assigned-to
chrisccoulson
Package
Upstream: released (24.5.0)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): released (1:24.5.0+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal): released (1:24.5.0+build1-0ubuntu0.12.10.1)
Ubuntu 13.10 (Saucy Salamander): released (1:24.5.0+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:24.5.0+build1-0ubuntu0.14.04.1)
Ubuntu 14.10 (Utopic Unicorn): not-affected
Package
Upstream: released (29.0)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): released (29.0+build1-0ubuntu0.12.04.2)
Ubuntu 12.10 (Quantal Quetzal): released (29.0+build1-0ubuntu0.12.10.3)
Ubuntu 13.10 (Saucy Salamander): released (29.0+build1-0ubuntu0.13.10.3)
Ubuntu 14.04 LTS (Trusty Tahr): released (29.0+build1-0ubuntu0.14.04.2)
Ubuntu 14.10 (Utopic Unicorn): not-affected (29.0+build1-0ubuntu0.14.04.2)

Updated: 2014-05-05 17:14:36 UTC (commit 8014)