Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Suse_linux_enterprise_software_development_kit | Novell | 12.0 (including) | 12.0 (including) |
| Suse_linux_enterprise_desktop | Novell | 12.0 (including) | 12.0 (including) |
| Suse_linux_enterprise_server | Novell | 12.0 (including) | 12.0 (including) |
| Opensuse | Opensuse | 13.1 (including) | 13.1 (including) |
| Opensuse | Opensuse | 13.2 (including) | 13.2 (including) |
| Red Hat Enterprise Linux 5 | RedHat | firefox-0:38.0-4.el5_11 | * |
| Red Hat Enterprise Linux 5 | RedHat | thunderbird-0:31.7.0-1.el5_11 | * |
| Red Hat Enterprise Linux 6 | RedHat | firefox-0:38.0-4.el6_6 | * |
| Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:31.7.0-1.el6_6 | * |
| Red Hat Enterprise Linux 7 | RedHat | firefox-0:38.0-3.ael7b_1 | * |
| Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:31.7.0-1.ael7b_1 | * |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | precise | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | utopic | * |
| Firefox | Ubuntu | vivid | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | precise | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | utopic | * |
| Thunderbird | Ubuntu | vivid | * |