CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.

Published: Mar 19, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1512
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
mozilla / seamonkey	-	2.25
mozilla / firefox_esr	24.0	24.4
mozilla / firefox	-	28.0
mozilla / thunderbird	-	24.4
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_server_eus	6.5	6.5.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_server_aus	6.5	6.5.x
redhat / enterprise_linux_server_tus	6.5	6.5.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_eus	6.5	6.5.x
opensuse / opensuse	12.3	12.3.x
suse / suse_linux_enterprise_software_development_kit	11.0-sp3	11.0-sp3.x
opensuse / opensuse	11.4	11.4.x
opensuse / opensuse	13.1	13.1.x
suse / suse_linux_enterprise_desktop	11-sp3	11-sp3.x
suse / suse_linux_enterprise_server	11-sp3	11-sp3.x

Vulnerability Database

289,599

CVE-2014-1512