Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox prior to 32.0, Firefox ESR 31.x prior to 31.1, and Thunderbird 31.x prior to 31.1 allows remote malicious users to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 13.1 |
||
opensuse evergreen 11.4 |
||
opensuse opensuse 12.3 |
||
oracle solaris 11.3 |
||
mozilla firefox 31.0 |
||
mozilla firefox 30.0 |
||
mozilla firefox esr 31.0 |
||
mozilla firefox |
||
mozilla thunderbird 31.0 |