CVE-2006-1993
CVE-2006-1993
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/1716unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/19802http://secunia.com/advisories/20015http://secunia.com/advisories/20019http://secunia.com/advisories/20070http://secunia.com/advisories/20214http://secunia.com/advisories/22066http://securityreason.com/securityalert/780http://securitytracker.com/id?1015981https://exchange.xforce.ibmcloud.com/vulnerabilities/25994https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790http://www.debian.org/security/2006/dsa-1053http://www.debian.org/security/2006/dsa-1055