CVE-2006-5633 - Denial of Service vulnerability in Mozilla Firefox Range Script Object

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Tags: network, low complexity, mozilla, exploit available

Summary

Firefox 1.5.0.7 and 2.0, and SeaMonkey 1.1b, allow remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but follow-up analysis has shown that it is only a null dereference.

Vulnerable Configurations

Part: Application
Description: Mozilla
Count: 3

Exploit-Db

description: Mozilla Firefox <= 1.5.0.7/ 2.0 (createRange) Remote DoS Exploit. CVE-2006-5633. Dos exploits for multiple platform
id: EDB-ID:2695
last seen: 2016-01-31
modified: 2006-10-31
published: 2006-10-31
reporter: Gotfault Security
source: https://www.exploit-db.com/download/2695/
title: Mozilla Firefox <= 1.5.0.7/ 2.0 createRange Remote DoS Exploit

Statements

contributor: Joshua Bressers
lastmodified: 2006-11-07
organization: Red Hat
statement: Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue.