CVE-2014-1486

NameCVE-2014-1486
DescriptionUse-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2858-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedove (PTS)jessie1:52.3.0-4~deb8u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
icedovesourcesqueeze(unfixed)end-of-life
icedovesource(unstable)24.3.0-1
iceweaselsourcesqueeze(unfixed)end-of-life
iceweaselsourcewheezy24.3.0esr-1~deb7u1DSA-2858-1
iceweaselsource(unstable)24.3.0esr-1
Search for package or bug name: Reporting problems