CVE-2014-1512

Firefox < 28.0 - Use-After-Free in TypeObject Class

Title source: llm

Description

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.

References (15)

Core 15

Core References

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2014/mfsa2014-30.html

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-0310.html

Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=982957

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-2911

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201504-01

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2151-1

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-2881

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-0316.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

Broken Link mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2014-03/0145.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/66209

Scores

EPSS 0.1293

EPSS Percentile 94.2%

Details

CWE

CWE-416

Status published

Products (24)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 12.10

canonical/ubuntu_linux 13.10

debian/debian_linux 7.0

debian/debian_linux 8.0

mozilla/firefox < 28.0

mozilla/seamonkey < 2.25

mozilla/thunderbird < 24.4

opensuse/opensuse 11.4

opensuse/opensuse 12.3

... and 14 more

Published Mar 19, 2014

Tracked Since Feb 18, 2026