Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-06-02 19:02
Updated : 2024-02-28 10:42
NVD link : CVE-2006-2779
Mitre link : CVE-2006-2779
CVE.ORG link : CVE-2006-2779
JSON object : View
Products Affected
mozilla
- firefox
- thunderbird
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')