Vulnerability of Firefox and Firefox ESR browsers, allowing attackers to execute arbitrary code

The vulnerability of the HTMLVideoElement interface in browsers such as Firefox and Firefox ESR is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using JavaScript, thereby modifying the media elements’ tables...

Mozilla Firefox and Firefox ESR HTMLVideoElement Interface Memory Error Vulnerability

Mozilla Firefox is an open source web browser. A memory error vulnerability exists in the Mozilla Firefox HTMLVideoElement interface, which allows remote attackers to modify the JavaScript code of the media element URI form to crash the application or execute arbitrary code...

Mozilla: Use-after-free while manipulating HTML media content (MFSA 2015-106)

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176...

UBUNTU-CVE-2015-4509

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176...

CVE-2015-3417

Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...

Design/Logic Flaw

Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...

Memory corruption

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...