Mozilla Deleted Object Reference When designMode="on"ID: oval:org.mitre.oval:def:1790 | Date: (C)2006-05-07 (M)2024-03-27 |
Class: VULNERABILITY | Family: windows |
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows XP |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2008 R2 |