Vulnerabilities > Use After Free

DATE CVE VULNERABILITY TITLE RISK
2014-03-19 CVE-2014-1512 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.
network
low complexity
mozilla debian canonical redhat suse opensuse CWE-416
critical
10.0
2014-02-14 CVE-2014-0322 Use After Free vulnerability in Microsoft Internet Explorer 10/9
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
network
low complexity
microsoft CWE-416
8.8
2014-02-06 CVE-2014-1486 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
network
low complexity
mozilla fedoraproject opensuse suse debian canonical redhat CWE-416
critical
9.8
2013-12-11 CVE-2013-5618 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
network
low complexity
mozilla fedoraproject suse opensuse canonical redhat CWE-416
critical
10.0
2013-12-11 CVE-2013-5616 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
7.5
2013-12-11 CVE-2013-5613 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.
network
low complexity
mozilla fedoraproject suse opensuse redhat canonical CWE-416
critical
10.0
2013-12-11 CVE-2013-5056 USE After Free vulnerability in Microsoft products
Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."
network
microsoft CWE-416
critical
9.3
2013-11-20 CVE-2013-4560 USE After Free vulnerability in multiple products
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
network
low complexity
lighttpd debian opensuse CWE-416
5.0
2013-10-09 CVE-2013-3897 Use After Free vulnerability in Microsoft Internet Explorer
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-416
8.8
2013-05-15 CVE-2013-1312 USE After Free vulnerability in Microsoft Internet Explorer 10/9
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
network
microsoft CWE-416
critical
9.3