Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5633 — Firefox vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

16.1%

top 5.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Firefox Debian Firefox-esr Mozilla Firefox +1 more

Timeline

PublishedOct 31

Latest updateMay 1

Description

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/firefox< firefox 45.0-1 (sid)

▶debiandebian/firefox-esr< firefox 45.0-1 (sid)

▶NVDmozilla/firefox1.5.0.7, 2.0+1

▶NVDmozilla/seamonkey1.1

🔴Vulnerability Details

GHSA

GHSA-vwr8-5r39-5qmj: Firefox 1↗2022-05-01

▶

OSV

CVE-2006-5633: Firefox 1↗2006-10-31

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox 1.5.0.7/2.0 - 'createRange' Remote Denial of Service↗2006-10-31

▶

📋Vendor Advisories

Debian

CVE-2006-5633: firefox - Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a ...↗2006

▶

Red Hat

CVE-2006-5633: Firefox 1↗

▶