Endpoint Vulnerability

Use-after-free in the Text Track Manager for HTML video

Description

Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a potentially exploitable crash.

Affected Products

Firefox

References

CVE-2014-1525,