CVE-2006-4253 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-4253
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4253

Description: Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-354-1 http://www.ubuntu.com/usn/usn-352-1 http://www.ubuntu.com/usn/usn-351-1 http://www.ubuntu.com/usn/usn-350-1 SUSE http://www.novell.com/linux/security/advisories/2006_54_mozilla.html ST 1016848 1016846 1016847 SGI SAID Secunia Advisory: SA22391 Secunia Advisory: SA22274 Secunia Advisory: SA22210 Secunia Advisory: SA22088 Secunia Advisory: SA22074 Secunia Advisory: SA22055 Secunia Advisory: SA22025 Secunia Advisory: SA22001 Secunia Advisory: SA22036 Secunia Advisory: SA21950 Secunia Advisory: SA21940 Secunia Advisory: SA21939 Secunia Advisory: SA21916 Secunia Advisory: SA21915 Secunia Advisory: SA21949 Secunia Advisory: SA21906 Secunia Advisory: SA21513 Secunia Advisory: SA22422 Secunia Advisory: SA22056 Secunia Advisory: SA22195 Secunia Advisory: SA24711 Secunia Advisory: SA22066 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0675.html http://www.redhat.com/support/errata/RHSA-2006-0677.html http://www.redhat.com/support/errata/RHSA-2006-0676.html MISC http://www.securiteam.com/securitynews/5VP0M0AJFW.html http://www.pianetapc.it/view.php?id=770 http://lcamtuf.coredump.cx/ffoxdie.html http://lcamtuf.coredump.cx/ffoxdie3.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 HP http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 GENTOO http://security.gentoo.org/glsa/glsa-200610-01.xml http://security.gentoo.org/glsa/glsa-200610-04.xml http://security.gentoo.org/glsa/glsa-200609-19.xml CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm http://www.mozilla.org/security/announce/2006/mfsa2006-59.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/446140/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/449726/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/449245/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/449487/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/448984/100/100/threaded http://www.securityfocus.com/archive/1/443500/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/448956/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/447837/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/447840/100/200/threaded http://www.securityfocus.com/archive/1/443306/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/443528/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/443020/100/100/threaded BID 19534 19488

Return to the previous page.