
CVE-2006-1993
Date: (C)2006-04-25   (M)2024-03-27


Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015981
BID-17671
SECUNIA-19802
SECUNIA-20015
SECUNIA-20019
http://www.securityfocus.com/archive/1/431878/100/0/threaded
SECUNIA-20070
SECUNIA-20214
SECUNIA-22066
SREASON-780
ADV-2006-1614
ADV-2006-1922
ADV-2006-3748
ADV-2008-0083
DSA-1053
DSA-1055
GLSA-200605-06
SSRT061145
SSRT061181
VU#866300
firefox-iframe-contentwindowfocus-bo(25994)
http://www.mozilla.org/security/announce/2006/mfsa2006-30.html
http://www.securident.com/vuln/ff.txt
oval:org.mitre.oval:def:1790

CPE    1
cpe:/a:mozilla:firefox:1.5.0.2
CWE    1
CWE-399
OVAL    1
oval:org.mitre.oval:def:1790

© SecPod Technologies