CVE-2006-1993
published 2006-04-25CVE-2006-1993: Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain…
PriorityP340medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
51.35%
98.8th percentile
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 1.5.dfsg+1.5.0.3-1 (sid) | firefox 1.5.dfsg+1.5.0.3-1 (sid) |
| mozilla | firefox | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger condition requires designMode to be enabled in the browser; monitor for iframe-based JS invoking contentWindow.focus() while designMode is active ↗
- →Exploitation results in a use-after-free/dangling reference to a deleted controller context object — crash telemetry or access violations in js320.dll or xpcom_core.dll on Firefox 1.5.0.2 are indicative ↗
- ·Vulnerability is only exploitable when designMode is enabled in the target browsing context; not exploitable in default browser configurations ↗
- ·The buffer overflow characterisation of js320.dll and xpcom_core.dll is disputed by the vendor; the actual root cause is a dangling reference to a deleted controller context object ↗
- ·Fixed in Debian package version 1.5.dfsg+1.5.0.3-1; upstream fix is Firefox 1.5.0.3 ↗
CVSS provenance
nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
vendor_debian5.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gh5c-2j93-h8q7: Mozilla Firefox 1
ghsa_unreviewed·2022-05-01
CVE-2006-1993 [MEDIUM] GHSA-gh5c-2j93-h8q7: Mozilla Firefox 1
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
Debian
CVE-2006-1993: firefox - Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to ...
vendor_debian·2006·CVSS 5.1
CVE-2006-1993 [MEDIUM] CVE-2006-1993: firefox - Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to ...
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.3-1)
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/19802http://secunia.com/advisories/20015http://secunia.com/advisories/20019http://secunia.com/advisories/20070http://secunia.com/advisories/20214http://secunia.com/advisories/22066http://securityreason.com/securityalert/780http://securitytracker.com/id?1015981http://www.debian.org/security/2006/dsa-1053http://www.debian.org/security/2006/dsa-1055http://www.gentoo.org/security/en/glsa/glsa-200605-06.xmlhttp://www.kb.cert.org/vuls/id/866300http://www.mozilla.org/security/announce/2006/mfsa2006-30.htmlhttp://www.securident.com/vuln/ff.txthttp://www.securityfocus.com/archive/1/431878/100/0/threadedhttp://www.securityfocus.com/archive/1/434524/100/0/threadedhttp://www.securityfocus.com/archive/1/446658/100/200/threadedhttp://www.securityfocus.com/bid/17671http://www.vupen.com/english/advisories/2006/1614http://www.vupen.com/english/advisories/2006/1922http://www.vupen.com/english/advisories/2006/3748http://www.vupen.com/english/advisories/2008/0083https://exchange.xforce.ibmcloud.com/vulnerabilities/25994https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790http://secunia.com/advisories/19802http://secunia.com/advisories/20015http://secunia.com/advisories/20019http://secunia.com/advisories/20070http://secunia.com/advisories/20214http://secunia.com/advisories/22066http://securityreason.com/securityalert/780http://securitytracker.com/id?1015981http://www.debian.org/security/2006/dsa-1053http://www.debian.org/security/2006/dsa-1055http://www.gentoo.org/security/en/glsa/glsa-200605-06.xmlhttp://www.kb.cert.org/vuls/id/866300http://www.mozilla.org/security/announce/2006/mfsa2006-30.htmlhttp://www.securident.com/vuln/ff.txthttp://www.securityfocus.com/archive/1/431878/100/0/threadedhttp://www.securityfocus.com/archive/1/434524/100/0/threadedhttp://www.securityfocus.com/archive/1/446658/100/200/threadedhttp://www.securityfocus.com/bid/17671http://www.vupen.com/english/advisories/2006/1614http://www.vupen.com/english/advisories/2006/1922http://www.vupen.com/english/advisories/2006/3748http://www.vupen.com/english/advisories/2008/0083https://exchange.xforce.ibmcloud.com/vulnerabilities/25994https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790
2006-04-25
Published