Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2006-1993 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Firefox
Severity
5.1 MEDIUM (NVD)
EPSS
57.3%
top 1.84%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Apr 25
Latest update: May 1
Description
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
CVSS vector
AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4
Affected Packages: 2 packages
Patches
Vulnerability Details: 1
Exploits & PoCs: 1
Vendor Advisories: 1
Debian
CVE-2006-1993: firefox - Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to ... (2006)