Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1273

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2006-1273
Last Modified 15 Nov 2008 12:00:00
Published 19 Mar 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1273

Summary

** DISPUTED ** Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that "It is likely the reporter was running the IE Tab extension," and Mozilla also confirmed that this is not an issue in Firefox itself.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.5.0.1


References

BUGTRAQ - 20060318 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)

BUGTRAQ - 20060317 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)

SREASON - 593

OSVDB - 31833


Last Updated: 27 May 2016 10:42:00