Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2006-1993
Last Modified 07 Mar 2011 12:00:00
Published 25 Apr 2006 08:50:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1993

Summary

Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.

Vulnerable Systems

Application

  • Mozilla Firefox 1.5.0.2


References

CERT-VN - VU#866300

BID - 17671

SECUNIA - 19802

XF - firefox-iframe-contentwindowfocus-bo(25994)

VUPEN - ADV-2008-0083

VUPEN - ADV-2006-3748

VUPEN - ADV-2006-1922

VUPEN - ADV-2006-1614

HP - HPSBUX02153

HP - SSRT061145

BUGTRAQ - 20060424 Firefox Remote Code Execution and DoS 1.5.0.2

MISC - http://www.securident.com/vuln/ff.txt

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-30.html

GENTOO - GLSA-200605-06

DEBIAN - DSA-1055

DEBIAN - DSA-1053

SECTRACK - 1015981

SREASON - 780

SECUNIA - 22066

SECUNIA - 20214

SECUNIA - 20070

SECUNIA - 20019

SECUNIA - 20015

HP - SSRT061181

HP - HPSBTU02118


Last Updated: 27 May 2016 10:42:35