[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-5159Date: (C)2006-10-05   (M)2024-04-19


Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources"

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1016962
SREASON-1678
http://www.securityfocus.com/archive/1/447497/100/0/threaded
http://www.securityfocus.com/archive/1/447493/100/0/threaded
BID-20282
BID-20294
firefox-multiple-javascript-bo(29317)
http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/
http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html

© SecPod Technologies