CVE-2006-1993

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-1993
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.

5.1 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/19802 Patch Vendor Advisory
http://secunia.com/advisories/20015 Vendor Advisory
http://secunia.com/advisories/20019 Vendor Advisory
http://secunia.com/advisories/20070 Vendor Advisory
http://secunia.com/advisories/20214 Vendor Advisory
http://secunia.com/advisories/22066 Vendor Advisory
http://securityreason.com/securityalert/780
http://securitytracker.com/id?1015981 Exploit
http://www.debian.org/security/2006/dsa-1053
http://www.debian.org/security/2006/dsa-1055
http://www.gentoo.org/security/en/glsa/glsa-200605-06.xml
http://www.kb.cert.org/vuls/id/866300 Third Party Advisory US Government Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-30.html Vendor Advisory
http://www.securident.com/vuln/ff.txt Exploit
http://www.securityfocus.com/archive/1/431878/100/0/threaded
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/17671 Exploit Patch
http://www.vupen.com/english/advisories/2006/1614 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1922 Vendor Advisory
http://www.vupen.com/english/advisories/2006/3748 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0083 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25994
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790
http://secunia.com/advisories/19802 Patch Vendor Advisory
http://secunia.com/advisories/20015 Vendor Advisory
http://secunia.com/advisories/20019 Vendor Advisory
http://secunia.com/advisories/20070 Vendor Advisory
http://secunia.com/advisories/20214 Vendor Advisory
http://secunia.com/advisories/22066 Vendor Advisory
http://securityreason.com/securityalert/780
http://securitytracker.com/id?1015981 Exploit
http://www.debian.org/security/2006/dsa-1053
http://www.debian.org/security/2006/dsa-1055
http://www.gentoo.org/security/en/glsa/glsa-200605-06.xml
http://www.kb.cert.org/vuls/id/866300 Third Party Advisory US Government Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-30.html Vendor Advisory
http://www.securident.com/vuln/ff.txt Exploit
http://www.securityfocus.com/archive/1/431878/100/0/threaded
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/17671 Exploit Patch
http://www.vupen.com/english/advisories/2006/1614 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1922 Vendor Advisory
http://www.vupen.com/english/advisories/2006/3748 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0083 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25994
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
History

21 Nov 2024, 00:10

Type Values Removed Values Added
References () http://secunia.com/advisories/19802 - Patch, Vendor Advisory () http://secunia.com/advisories/19802 - Patch, Vendor Advisory
References () http://secunia.com/advisories/20015 - Vendor Advisory () http://secunia.com/advisories/20015 - Vendor Advisory
References () http://secunia.com/advisories/20019 - Vendor Advisory () http://secunia.com/advisories/20019 - Vendor Advisory
References () http://secunia.com/advisories/20070 - Vendor Advisory () http://secunia.com/advisories/20070 - Vendor Advisory
References () http://secunia.com/advisories/20214 - Vendor Advisory () http://secunia.com/advisories/20214 - Vendor Advisory
References () http://secunia.com/advisories/22066 - Vendor Advisory () http://secunia.com/advisories/22066 - Vendor Advisory
References () http://securityreason.com/securityalert/780 - () http://securityreason.com/securityalert/780 -
References () http://securitytracker.com/id?1015981 - Exploit () http://securitytracker.com/id?1015981 - Exploit
References () http://www.debian.org/security/2006/dsa-1053 - () http://www.debian.org/security/2006/dsa-1053 -
References () http://www.debian.org/security/2006/dsa-1055 - () http://www.debian.org/security/2006/dsa-1055 -
References () http://www.gentoo.org/security/en/glsa/glsa-200605-06.xml - () http://www.gentoo.org/security/en/glsa/glsa-200605-06.xml -
References () http://www.kb.cert.org/vuls/id/866300 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/866300 - Third Party Advisory, US Government Resource
References () http://www.mozilla.org/security/announce/2006/mfsa2006-30.html - Vendor Advisory () http://www.mozilla.org/security/announce/2006/mfsa2006-30.html - Vendor Advisory
References () http://www.securident.com/vuln/ff.txt - Exploit () http://www.securident.com/vuln/ff.txt - Exploit
References () http://www.securityfocus.com/archive/1/431878/100/0/threaded - () http://www.securityfocus.com/archive/1/431878/100/0/threaded -
References () http://www.securityfocus.com/archive/1/434524/100/0/threaded - () http://www.securityfocus.com/archive/1/434524/100/0/threaded -
References () http://www.securityfocus.com/archive/1/446658/100/200/threaded - () http://www.securityfocus.com/archive/1/446658/100/200/threaded -
References () http://www.securityfocus.com/bid/17671 - Exploit, Patch () http://www.securityfocus.com/bid/17671 - Exploit, Patch
References () http://www.vupen.com/english/advisories/2006/1614 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1614 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1922 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1922 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/3748 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/3748 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2008/0083 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/0083 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/25994 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/25994 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790 -
Information

Published : 2006-04-25 12:50

Updated : 2024-11-21 00:10

NVD link : CVE-2006-1993

Mitre link : CVE-2006-1993

CVE.ORG link : CVE-2006-1993

JSON object : View

Products Affected

mozilla

  • firefox
CWE
CWE-399

Resource Management Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024