CVE-2014-1525 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-1525 Interim 1 23 2025-11-05T05:10:47Z current 2021-05-30T13:19:02Z 2025-11-05T05:10:47Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-1525 The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LZWA5IC5L2QN74MAY2LDOH57OMCZY4GE/#LZWA5IC5L2QN74MAY2LDOH57OMCZY4GE E-Mail link for openSUSE-SU-2014:1100-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HI2RC7AJAHY74Q6MK7GNGWU6TITB22V/ E-Mail link for openSUSE-SU-2024:14572-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Desktop Applications 15 openSUSE Leap 15.0 openSUSE Tumbleweed MozillaFirefox MozillaFirefox-140.2.0-160000.1.2 MozillaFirefox-50.1.0-1.1 MozillaFirefox-52.7.3-1.35 MozillaFirefox-60.0-lp150.2.2 MozillaFirefox-branding-upstream-50.1.0-1.1 MozillaFirefox-buildsymbols-50.1.0-1.1 MozillaFirefox-devel-140.2.0-160000.1.2 MozillaFirefox-devel-50.1.0-1.1 MozillaFirefox-devel-52.7.3-1.35 MozillaFirefox-translations-common-140.2.0-160000.1.2 MozillaFirefox-translations-common-50.1.0-1.1 MozillaFirefox-translations-common-52.7.3-1.35 MozillaFirefox-translations-common-60.0-lp150.2.2 MozillaFirefox-translations-other-140.2.0-160000.1.2 MozillaFirefox-translations-other-50.1.0-1.1 MozillaFirefox-translations-other-52.7.3-1.35 MozillaFirefox-translations-other-60.0-lp150.2.2 firefox-esr-128.5.1-1.1 firefox-esr-branding-upstream-128.5.1-1.1 firefox-esr-translations-common-128.5.1-1.1 firefox-esr-translations-other-128.5.1-1.1 seamonkey-2.40-6.1 seamonkey-dom-inspector-2.40-6.1 seamonkey-irc-2.40-6.1 seamonkey-translations-common-2.40-6.1 seamonkey-translations-other-2.40-6.1 MozillaFirefox-52.7.3-1.35 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 MozillaFirefox-devel-52.7.3-1.35 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 MozillaFirefox-translations-common-52.7.3-1.35 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 MozillaFirefox-translations-other-52.7.3-1.35 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 MozillaFirefox-140.2.0-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 MozillaFirefox-devel-140.2.0-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 MozillaFirefox-translations-common-140.2.0-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 MozillaFirefox-translations-other-140.2.0-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 MozillaFirefox-60.0-lp150.2.2 as a component of openSUSE Leap 15.0 MozillaFirefox-translations-common-60.0-lp150.2.2 as a component of openSUSE Leap 15.0 MozillaFirefox-translations-other-60.0-lp150.2.2 as a component of openSUSE Leap 15.0 MozillaFirefox-50.1.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-50.1.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-buildsymbols-50.1.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-devel-50.1.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-50.1.0-1.1 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-50.1.0-1.1 as a component of openSUSE Tumbleweed firefox-esr-128.5.1-1.1 as a component of openSUSE Tumbleweed firefox-esr-branding-upstream-128.5.1-1.1 as a component of openSUSE Tumbleweed firefox-esr-translations-common-128.5.1-1.1 as a component of openSUSE Tumbleweed firefox-esr-translations-other-128.5.1-1.1 as a component of openSUSE Tumbleweed seamonkey-2.40-6.1 as a component of openSUSE Tumbleweed seamonkey-dom-inspector-2.40-6.1 as a component of openSUSE Tumbleweed seamonkey-irc-2.40-6.1 as a component of openSUSE Tumbleweed seamonkey-translations-common-2.40-6.1 as a component of openSUSE Tumbleweed seamonkey-translations-other-2.40-6.1 as a component of openSUSE Tumbleweed MozillaFirefox as a component of SUSE Enterprise Storage 6 The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document. CVE-2014-1525 SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-52.7.3-1.35 SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-52.7.3-1.35 SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-52.7.3-1.35 SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-52.7.3-1.35 SUSE Linux Enterprise Server 16.0:MozillaFirefox-140.2.0-160000.1.2 SUSE Linux Enterprise Server 16.0:MozillaFirefox-devel-140.2.0-160000.1.2 SUSE Linux Enterprise Server 16.0:MozillaFirefox-translations-common-140.2.0-160000.1.2 SUSE Linux Enterprise Server 16.0:MozillaFirefox-translations-other-140.2.0-160000.1.2 openSUSE Leap 15.0:MozillaFirefox-60.0-lp150.2.2 openSUSE Leap 15.0:MozillaFirefox-translations-common-60.0-lp150.2.2 openSUSE Leap 15.0:MozillaFirefox-translations-other-60.0-lp150.2.2 openSUSE Tumbleweed:MozillaFirefox-50.1.0-1.1 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-50.1.0-1.1 openSUSE Tumbleweed:MozillaFirefox-buildsymbols-50.1.0-1.1 openSUSE Tumbleweed:MozillaFirefox-devel-50.1.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-common-50.1.0-1.1 openSUSE Tumbleweed:MozillaFirefox-translations-other-50.1.0-1.1 openSUSE Tumbleweed:firefox-esr-128.5.1-1.1 openSUSE Tumbleweed:firefox-esr-branding-upstream-128.5.1-1.1 openSUSE Tumbleweed:firefox-esr-translations-common-128.5.1-1.1 openSUSE Tumbleweed:firefox-esr-translations-other-128.5.1-1.1 openSUSE Tumbleweed:seamonkey-2.40-6.1 openSUSE Tumbleweed:seamonkey-dom-inspector-2.40-6.1 openSUSE Tumbleweed:seamonkey-irc-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-common-2.40-6.1 openSUSE Tumbleweed:seamonkey-translations-other-2.40-6.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C