CVE-2014-4459 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	6.0 (including)	6.2.1 (excluding)
Safari	Apple	7.0 (including)	7.1.1 (excluding)
Safari	Apple	8.0 (including)	8.0.1 (excluding)

References

http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html
http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
http://secunia.com/advisories/62503
http://support.apple.com/HT204245
http://support.apple.com/HT204246
http://support.apple.com/kb/HT6596
http://www.securityfocus.com/bid/71144
http://www.securitytracker.com/id/1031230
https://exchange.xforce.ibmcloud.com/vulnerabilities/98784
https://support.apple.com/en-us/HT204419
https://support.apple.com/en-us/HT6591
https://support.apple.com/kb/HT204949

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-4459
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html