Launchpad.net

CVE 2014-1488

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

Related bugs and status

CVE-2014-1488 (Candidate) is related to these bugs:

Bug #469752: firefox,3.5/3.6 startup-notification bug

		In	Importance	Status
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu)	Medium	Invalid
469752	firefox,3.5/3.6 startup-notification bug	Mozilla Firefox	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Suse)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox (Ubuntu Lucid)	Medium	Fix Released
469752	firefox,3.5/3.6 startup-notification bug	firefox-3.5 (Ubuntu Lucid)	Medium	Invalid

Bug #1274468: Update to 27.0

Summary				In	Importance	Status
	1274468	Update to 27.0		firefox (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://8pecxstudios.c...
SUSE: SUSE-SU-2014:0248
UBUNTU: USN-2102-1
SECUNIA: 56706
SUSE: openSUSE-SU-2014:0212
UBUNTU: USN-2102-2
SUSE: openSUSE-SU-2014:0419
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201504-01
BID: 65321
OSVDB: 102875
SECTRACK: 1029717
SECTRACK: 1029720
SECUNIA: 56767
SECUNIA: 56787
SECUNIA: 56888
XF: firefox-cve20141488-do...