CVE-2014-1525

Priority
Medium
Description
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0
and SeaMonkey before 2.26 does not properly perform garbage collection for
Text Track Manager variables, which allows remote attackers to execute
arbitrary code or cause a denial of service (use-after-free and heap memory
corruption) via a crafted VIDEO element in an HTML document.
References
Assigned-to
chrisccoulson
Package
Upstream:released (29.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (29.0+build1-0ubuntu0.12.04.2)
Ubuntu 12.10 (Quantal Quetzal):released (29.0+build1-0ubuntu0.12.10.3)
Ubuntu 13.10 (Saucy Salamander):released (29.0+build1-0ubuntu0.13.10.3)
Ubuntu 14.04 LTS (Trusty Tahr):released (29.0+build1-0ubuntu0.14.04.2)
Ubuntu 14.10 (Utopic Unicorn):not-affected (29.0+build1-0ubuntu0.14.04.2)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-05-05 16:14:41 UTC (commit 8010)