(Pwn2Own) Apple Safari TextTrack Object Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Safari...

CVE-2014-1525

CVE-2014-1525 affects Mozilla Firefox before 29.0 and SeaMonkey before 2.26, due to improper garbage collection in mozilla::dom::TextTrack::AddCue, enabling remote attackers to trigger a use-after-free and heap memory corruption via a crafted HTML5 Video element. Consequences include possible rem...

CVE-2014-1525

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...

UBUNTU-CVE-2014-1525

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...