Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,165)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-0756 4Canonical MozillaOpensuse+1 more 9Firefox Linux Enterprise DesktopLinux Enterprise Server+6 more Apr 29, 2026 Jan 13, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows re...Show more Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.Show less
CVE-2013-0755 4Canonical MozillaOpensuse+1 more 9Firefox Linux Enterprise DesktopLinux Enterprise Server+6 more Apr 29, 2026 Jan 13, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaM...Show more Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.Show less
CVE-2013-0754 5Canonical MozillaOpensuse+2 more 14Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+11 more Apr 29, 2026 Jan 13, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 an...Show more Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.Show less
CVE-2013-0753 5Canonical MozillaOpensuse+2 more 14Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+11 more Apr 29, 2026 Jan 13, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thund...Show more Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.Show less
CVE-2013-0744 5Canonical MozillaOpensuse+2 more 14Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+11 more Apr 29, 2026 Jan 13, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunder...Show more Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.Show less
CVE-2012-4792 1Microsoft 1Internet Explorer Apr 22, 2026 Dec 30, 2012 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2...Show more Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.Show less
CVE-2012-5140 2Google Opensuse 2Chrome Opensuse Apr 29, 2026 Dec 12, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
CVE-2012-5139 2Google Opensuse 2Chrome Opensuse Apr 29, 2026 Dec 12, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.
CVE-2012-4787 1Microsoft 1Internet Explorer Apr 29, 2026 Dec 12, 2012 N/A· v4 9.0 CRITICAL· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2)...Show more Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."Show less
CVE-2012-5137 2Google Opensuse 2Chrome Opensuse Apr 29, 2026 Dec 4, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
CVE-2012-5133 2Google Opensuse 2Chrome Opensuse Apr 29, 2026 Nov 28, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
CVE-2012-5840 5Canonical MozillaOpensuse+2 more 13Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+10 more Apr 29, 2026 Nov 21, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey b...Show more Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.Show less
CVE-2012-5830 5Canonical MozillaOpensuse+2 more 14Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+11 more Apr 29, 2026 Nov 21, 2012 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to...Show more Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.Show less
CVE-2012-4218 4Canonical MozillaOpensuse+1 more 8Firefox Linux Enterprise DesktopLinux Enterprise Server+5 more Apr 29, 2026 Nov 21, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code...Show more Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Show less
CVE-2012-4217 4Canonical MozillaOpensuse+1 more 9Firefox Linux Enterprise DesktopLinux Enterprise Server+6 more Apr 29, 2026 Nov 21, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or ca...Show more Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Show less
CVE-2012-4216 6Canonical DebianMozilla+3 more 14Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+11 more Apr 29, 2026 Nov 21, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14...Show more Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Show less
CVE-2012-4215 5Canonical MozillaOpensuse+2 more 13Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+10 more Apr 29, 2026 Nov 21, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMon...Show more Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Show less
CVE-2012-4214 5Canonical MozillaOpensuse+2 more 13Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+10 more Apr 29, 2026 Nov 21, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey b...Show more Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.Show less
CVE-2012-4213 4Canonical MozillaOpensuse+1 more 9Firefox Linux Enterprise DesktopLinux Enterprise Server+6 more Apr 29, 2026 Nov 21, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a deni...Show more Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Show less
CVE-2012-4212 4Canonical MozillaOpensuse+1 more 8Firefox Linux Enterprise DesktopLinux Enterprise Server+5 more Apr 29, 2026 Nov 21, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial o...Show more Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Show less

Previous 1...349350351...359 Next