CVE-2014-1567 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	31.1.0 (including)
Firefox	Mozilla	30.0 (including)	30.0 (including)
Firefox	Mozilla	31.0 (including)	31.0 (including)

References

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
http://secunia.com/advisories/60148
http://secunia.com/advisories/60186
http://secunia.com/advisories/61114
http://secunia.com/advisories/61390
http://www.debian.org/security/2014/dsa-3018
http://www.debian.org/security/2014/dsa-3028
http://www.mozilla.org/security/announce/2014/mfsa2014-72.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/69520
http://www.securitytracker.com/id/1030793
http://www.securitytracker.com/id/1030794
https://bugzilla.mozilla.org/show_bug.cgi?id=1037641
https://security.gentoo.org/glsa/201504-01

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-1567
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html