ID CVE-2006-1993
Summary Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 18-10-2018 - 16:37)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
accepted 2009-11-09T04:00:11.490-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Mike Lah
    organization The MITRE Corporation
description Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
family windows
id oval:org.mitre.oval:def:1790
status accepted
submitted 2006-05-07T09:05:00.000-04:00
title Mozilla Deleted Object Reference When designMode="on"
version 4
refmap via4
bid 17671
bugtraq 20060424 Firefox Remote Code Execution and DoS 1.5.0.2
cert-vn VU#866300
confirm http://www.mozilla.org/security/announce/2006/mfsa2006-30.html
debian
  • DSA-1053
  • DSA-1055
gentoo GLSA-200605-06
hp
  • HPSBTU02118
  • HPSBUX02153
  • SSRT061145
  • SSRT061181
misc http://www.securident.com/vuln/ff.txt
sectrack 1015981
secunia
  • 19802
  • 20015
  • 20019
  • 20070
  • 20214
  • 22066
sreason 780
vupen
  • ADV-2006-1614
  • ADV-2006-1922
  • ADV-2006-3748
  • ADV-2008-0083
xf firefox-iframe-contentwindowfocus-bo(25994)
Last major update 18-10-2018 - 16:37
Published 25-04-2006 - 12:50
Last modified 18-10-2018 - 16:37