Mozilla Products: Use-after-free in the Text Track Manager for HTML video - CVE-2014-1525 (Mac OS X)| ID: oval:org.secpod.oval:def:17850 | Date: (C)2014-05-08 (M)2023-11-18 |
| Class: VULNERABILITY | Family: macos |
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.
| Platform: |
| Apple Mac OS 14 |
| Apple Mac OS 13 |
| Apple Mac OS 12 |
| Apple Mac OS 11 |
| Apple Mac OS X 10.15 |
| Apple Mac OS X 10.14 |
| Apple Mac OS X 10.13 |
| Apple Mac OS X 10.11 |
| Apple Mac OS X 10.12 |
| Product: |
| Mozilla SeaMonkey |
| Mozilla Firefox |
