FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-1993

This CVE name corresponds to:

Entered      Topic
2006-05-03   firefox -- denial of service vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type    Candidate
Name    CVE-2006-1993
Phase   Assigned (20060425)

Description

Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.

References

Source     Reference
BUGTRAQ    20060424 Firefox Remote Code Execution and DoS 1.5.0.2
MISC       http://www.securident.com/vuln/ff.txt
CONFIRM    http://www.mozilla.org/security/announce/2006/mfsa2006-30.html
DEBIAN     DSA-1053
DEBIAN     DSA-1055
GENTOO     GLSA-200605-06
HP         HPSBTU02118
HP         SSRT061145
HP         HPSBUX02153
HP         SSRT061181
CERT-VN    VU#866300
BID        17671
VUPEN      ADV-2006-1614
VUPEN      ADV-2006-1922
VUPEN      ADV-2006-3748
VUPEN      ADV-2008-0083
OVAL       oval:org.mitre.oval:def:1790
SECTRACK   1015981
SECUNIA    19802
SECUNIA    20019
SECUNIA    20015
SECUNIA    20214
SECUNIA    20070
SECUNIA    22066
SREASON    780
XF         firefox-iframe-contentwindowfocus-bo(25994)