Vulnerabilities > CVE-2006-1993 - Resource Management Errors vulnerability in Mozilla Firefox 1.5.0.2
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Mozilla Firefox <= 1.5.0.2 (js320.dll/xpcom_core.dll) Denial of Service PoC. CVE-2006-1993. Dos exploits for multiple platform |
| id | EDB-ID:1716 |
| last seen | 2016-01-31 |
| modified | 2006-04-24 |
| published | 2006-04-24 |
| reporter | splices |
| source | https://www.exploit-db.com/download/1716/ |
| title | Mozilla Firefox <= 1.5.0.2 js320.dll/xpcom_core.dll Denial of Service PoC |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200605-06.NASL description The remote host is affected by the vulnerability described in GLSA-200605-06 (Mozilla Firefox: Potential remote code execution) Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. Impact : If JavaScript is enabled, by tricking a user into visiting a malicious web page which would send a specially crafted HTML script that contains references to deleted objects with the last seen 2020-06-01 modified 2020-06-02 plugin id 21348 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21348 title GLSA-200605-06 : Mozilla Firefox: Potential remote code execution NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E2476979DA7411DAA67B0013D4A4A40E.NASL description A Mozilla Foundation Security Advisory reports for deleted object reference when designMode= last seen 2020-06-01 modified 2020-06-02 plugin id 21523 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21523 title FreeBSD : firefox -- denial of service vulnerability (e2476979-da74-11da-a67b-0013d4a4a40e) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1053.NASL description Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code. last seen 2020-06-01 modified 2020-06-02 plugin id 22595 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22595 title Debian DSA-1053-1 : mozilla - programming error NASL family Windows NASL id MOZILLA_FIREFOX_1503.NASL description The installed version of Firefox may allow a malicious site to crash the browser and potentially to run malicious code when attempting to use a deleted controller context. Successful exploitation requires that last seen 2020-06-01 modified 2020-06-02 plugin id 21322 published 2006-05-04 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21322 title Firefox < 1.5.0.3 iframe.contentWindow.focus() Overflow NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1055.NASL description Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code. Since Mozilla and Firefox share the same codebase, Firefox may be vulnerable as well. last seen 2020-06-01 modified 2020-06-02 plugin id 22597 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22597 title Debian DSA-1055-1 : mozilla-firefox - programming error
Oval
| accepted | 2009-11-09T04:00:11.490-05:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| description | Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim. | ||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:1790 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2006-05-07T09:05:00.000-04:00 | ||||||||||||||||||||||||
| title | Mozilla Deleted Object Reference When designMode="on" | ||||||||||||||||||||||||
| version | 4 |
References
- http://secunia.com/advisories/19802
- http://secunia.com/advisories/20015
- http://secunia.com/advisories/20019
- http://secunia.com/advisories/20070
- http://secunia.com/advisories/20214
- http://secunia.com/advisories/22066
- http://securityreason.com/securityalert/780
- http://securitytracker.com/id?1015981
- http://www.debian.org/security/2006/dsa-1053
- http://www.debian.org/security/2006/dsa-1055
- http://www.gentoo.org/security/en/glsa/glsa-200605-06.xml
- http://www.kb.cert.org/vuls/id/866300
- http://www.mozilla.org/security/announce/2006/mfsa2006-30.html
- http://www.securident.com/vuln/ff.txt
- http://www.securityfocus.com/archive/1/431878/100/0/threaded
- http://www.securityfocus.com/archive/1/434524/100/0/threaded
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.securityfocus.com/bid/17671
- http://www.vupen.com/english/advisories/2006/1614
- http://www.vupen.com/english/advisories/2006/1922
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2008/0083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25994
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790