Launchpad.net

CVE 2014-1531

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.

Related bugs and status

CVE-2014-1531 (Candidate) is related to these bugs:

Bug #469752: firefox,3.5/3.6 startup-notification bug

		In	Importance	Status
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu)	Medium	Invalid
469752	firefox,3.5/3.6 startup-notification bug	Mozilla Firefox	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Suse)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu Lucid)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu Lucid)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
FEDORA: FEDORA-2014-5829
FEDORA: FEDORA-2014-5833
DEBIAN: DSA-2918
DEBIAN: DSA-2924
REDHAT: RHSA-2014:0448
REDHAT: RHSA-2014:0449
SUSE: SUSE-SU-2014:0665
SUSE: openSUSE-SU-2014:0602
SUSE: openSUSE-SU-2014:0640
UBUNTU: USN-2189-1
SUSE: openSUSE-SU-2014:0599
SUSE: openSUSE-SU-2014:0629
UBUNTU: USN-2185-1
SUSE: SUSE-SU-2014:0727
SECUNIA: 59866
SECTRACK: 1030163
SECTRACK: 1030164
SECTRACK: 1030165
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201504-01
BID: 67134