Unrated severityNVD Advisory· Published Apr 30, 2014· Updated May 6, 2026
CVE-2014-1525
CVE-2014-1525
Description
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.
Affected products
9cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPatchVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-05/msg00010.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-05/msg00033.htmlnvdMailing ListThird Party Advisory
- secunia.com/advisories/59866nvdThird Party Advisory
- www.mozilla.org/security/announce/2014/mfsa2014-39.htmlnvdVendor Advisory
- www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvdThird Party Advisory
- www.securitytracker.com/id/1030163nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1030164nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2185-1nvdThird Party Advisory
- security.gentoo.org/glsa/201504-01nvdThird Party Advisory
News mentions
0No linked articles in our index yet.