Mozilla Foundation Security Advisory 2014-39

Use-after-free in the Text Track Manager for HTML video

Announced
April 29, 2014
Reporter
Abhishek Arya
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 29
  • SeaMonkey 2.26

Description

Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References