Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4253 — Project K-meleon vulnerability

CWE-26414 documents9 sources

Severity

7.6HIGHNVD

EPSS

30.8%

top 3.27%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Thunderbird K-meleon Project K-meleon Mozilla Firefox +1 more

Timeline

PublishedAug 21

Latest updateMay 3

Description

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affec…

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox23 versions+22

▶Debianmozilla/thunderbird< 1.5.0.7-1+3

▶NVDnetscape/navigator8.1

▶NVDk-meleon_project/k-meleon1.0.1

🔴Vulnerability Details

GHSA

GHSA-42hr-qcx2-4fr6: Concurrency vulnerability in Mozilla Firefox 1↗2022-05-03

▶

CVEList

CVE-2006-4253: Concurrency vulnerability in Mozilla Firefox 1↗2006-08-21

▶

OSV

CVE-2006-4253: Concurrency vulnerability in Mozilla Firefox 1↗2006-08-21

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox 1.0.x - JavaScript Handler Race Condition Memory Corruption↗2006-08-12

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2006-09-25

▶

Ubuntu

firefox vulnerabilities↗2006-09-23

▶

Ubuntu

Thunderbird vulnerabilities↗2006-09-22

▶

Red Hat

security flaw↗2006-08-12

▶

Debian

CVE-2006-4253: firefox - Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote a...↗2006

▶

💬Community

Bugzilla

CVE-2006-4253 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-4340 Various SeaMonkey security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571)↗2006-09-14

▶

Bugzilla

CVE-2006-4340 Various Firefox security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568 CVE-2006-4569 CVE-2006-4571)↗2006-09-14

▶

Bugzilla

CVE-2006-4340 Various Thunderbird security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4570 CVE-2006-4571)↗2006-09-14

▶