Your submission was sent successfully! Close

CVE-2014-8640

Published: 14 January 2015

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end of life)
precise
Released (35.0+build3-0ubuntu0.12.04.2)
trusty Does not exist
(trusty was released [35.0+build3-0ubuntu0.14.04.2])
upstream
Released (35.0)
utopic
Released (35.0+build3-0ubuntu0.14.10.2)