CVE-2006-4253 in Firefoxinformação

Sumário (Inglês)

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservar

21/08/2006

Divulgação

21/08/2006

Estado

Confirmado

Inscrições

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadeCWEExpConCVE
2545Mozilla Firefox Text Display Elevação de Privilégios264Prova de conceitoCorreção oficialCVE-2006-4253
2544Mozilla Firefox AutoUpdate SSL Certificate Elevação de Privilégios264Prova de conceitoCorreção oficialCVE-2006-4253
2543Mozilla Firefox Javascript Regex Elevação de Privilégios264Prova de conceitoCorreção oficialCVE-2006-4253

Descrição

CPE

CWE

CVSS

Explorações

História

Diferença

Relacionar

Inteligência de ameaças

API JSON

API XML

API CSV

Fontes

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!