CVE Reference: CVE-2006-1993
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-1993

Description:
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/25994

ST
  1015981

SREASON
  http://securityreason.com/securityalert/780

SAID
  Secunia Advisory: SA20070
  Secunia Advisory: SA20015
  Secunia Advisory: SA20019
  Secunia Advisory: SA19802
  Secunia Advisory: SA20214
  Secunia Advisory: SA22066

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1790

MISC
  http://www.securident.com/vuln/ff.txt

HP
  http://www.securityfocus.com/archive/1/archive/1/434524/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200605-06.xml

DEBIAN
  http://www.debian.org/security/2006/dsa-1053
  http://www.debian.org/security/2006/dsa-1055

CONFIRM
  http://www.mozilla.org/security/announce/2006/mfsa2006-30.html

CERT-VN
  866300

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/431878/100/0/threaded

BID
  17671

