5

CVE-2006-5633

Exploit
Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference.  NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version1.5.0.7
MozillaFirefox Version2.0
MozillaSeamonkey Version1.1 Updatebeta
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.86% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html
Exploit
http://www.gotfault.net/research/advisory/gadv-firefox.txt
Vendor Advisory
Exploit
http://www.securityfocus.com/archive/1/450155/100/0/threaded
http://www.securityfocus.com/archive/1/450167/100/0/threaded
http://www.securityfocus.com/archive/1/450168/100/0/threaded
Vendor Advisory
Exploit
http://www.securityfocus.com/archive/1/450682/100/200/threaded
http://www.securityfocus.com/archive/1/452803/100/0/threaded
http://www.securityfocus.com/bid/20799
https://bugzilla.mozilla.org/show_bug.cgi?id=358797
Exploit
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/29916