7.6

CVE-2006-4253

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
K-meleon ProjectK-meleon Version1.0.1
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9 Updaterc
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
MozillaFirefox Version1.0.7
MozillaFirefox Version1.0.8
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Version1.5.0.1
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.0.3
MozillaFirefox Version1.5.0.4
MozillaFirefox Version1.5.0.5
MozillaFirefox Version1.5.0.6
NetscapeNavigator Version8.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.07% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/22066
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2008/0083
http://secunia.com/advisories/22210
Vendor Advisory
http://www.ubuntu.com/usn/usn-354-1
http://secunia.com/advisories/22055
Vendor Advisory
http://www.ubuntu.com/usn/usn-350-1
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://secunia.com/advisories/22036
Vendor Advisory
http://lcamtuf.coredump.cx/ffoxdie.html
http://lcamtuf.coredump.cx/ffoxdie3.html
http://secunia.com/advisories/21513
Vendor Advisory
http://secunia.com/advisories/21906
Vendor Advisory
http://secunia.com/advisories/21915
Vendor Advisory
http://secunia.com/advisories/21916
Vendor Advisory
http://secunia.com/advisories/21939
Vendor Advisory
http://secunia.com/advisories/21940
Vendor Advisory
http://secunia.com/advisories/21949
Vendor Advisory
http://secunia.com/advisories/21950
Vendor Advisory
http://secunia.com/advisories/22001
Vendor Advisory
http://secunia.com/advisories/22025
Vendor Advisory
http://secunia.com/advisories/22056
http://secunia.com/advisories/22074
Vendor Advisory
http://secunia.com/advisories/22088
Vendor Advisory
http://secunia.com/advisories/22195
http://secunia.com/advisories/22274
Vendor Advisory
http://secunia.com/advisories/22391
Vendor Advisory
http://secunia.com/advisories/22422
Vendor Advisory
http://secunia.com/advisories/24711
http://security.gentoo.org/glsa/glsa-200609-19.xml
http://security.gentoo.org/glsa/glsa-200610-01.xml
http://security.gentoo.org/glsa/glsa-200610-04.xml
http://securitytracker.com/id?1016846
http://securitytracker.com/id?1016847
http://securitytracker.com/id?1016848
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
http://www.pianetapc.it/view.php?id=770
URL Repurposed
http://www.redhat.com/support/errata/RHSA-2006-0675.html
http://www.redhat.com/support/errata/RHSA-2006-0676.html
http://www.redhat.com/support/errata/RHSA-2006-0677.html
http://www.securiteam.com/securitynews/5VP0M0AJFW.html
http://www.securityfocus.com/archive/1/443020/100/100/threaded
http://www.securityfocus.com/archive/1/443306/100/100/threaded
http://www.securityfocus.com/archive/1/443500/100/100/threaded
http://www.securityfocus.com/archive/1/443528/100/0/threaded
http://www.securityfocus.com/archive/1/446140/100/0/threaded
http://www.securityfocus.com/archive/1/447837/100/200/threaded
http://www.securityfocus.com/archive/1/447840/100/200/threaded
http://www.securityfocus.com/archive/1/448956/100/100/threaded
http://www.securityfocus.com/archive/1/448984/100/100/threaded
http://www.securityfocus.com/archive/1/449245/100/100/threaded
http://www.securityfocus.com/archive/1/449487/100/0/threaded
http://www.securityfocus.com/archive/1/449726/100/0/threaded
http://www.securityfocus.com/bid/19488
http://www.securityfocus.com/bid/19534
http://www.ubuntu.com/usn/usn-351-1
http://www.ubuntu.com/usn/usn-352-1
http://www.vupen.com/english/advisories/2006/3617
http://www.vupen.com/english/advisories/2007/1198
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
https://bugzilla.mozilla.org/show_bug.cgi?id=348514
https://issues.rpath.com/browse/RPL-640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528