CVE-2014-1486

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

References

http://www.ubuntu.com/usn/USN-2119-1

http://download.novell.com/Download?buildid=Y2fux-JW1Qc

http://www.securitytracker.com/id/1029721

https://bugzilla.mozilla.org/show_bug.cgi?id=942164

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

http://www.securitytracker.com/id/1029717

https://8pecxstudios.com/?page_id=44080

http://rhn.redhat.com/errata/RHSA-2014-0132.html

http://secunia.com/advisories/56922

http://secunia.com/advisories/56787

http://www.securitytracker.com/id/1029720

http://secunia.com/advisories/56858

http://www.debian.org/security/2014/dsa-2858

http://secunia.com/advisories/56763

http://www.ubuntu.com/usn/USN-2102-2

http://rhn.redhat.com/errata/RHSA-2014-0133.html

https://security.gentoo.org/glsa/201504-01

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://osvdb.org/102872

http://download.novell.com/Download?buildid=VYQsgaFpQ2k

http://secunia.com/advisories/56888

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

http://secunia.com/advisories/56761

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html

http://www.securityfocus.com/bid/65334

https://exchange.xforce.ibmcloud.com/vulnerabilities/90890

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

http://www.ubuntu.com/usn/USN-2102-1

http://secunia.com/advisories/56767

http://www.mozilla.org/security/announce/2014/mfsa2014-08.html

http://secunia.com/advisories/56706