CVE - CVE-2006-4253

CVE-ID
CVE-2006-4253	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:19488 URL:http://www.securityfocus.com/bid/19488 BID:19534 URL:http://www.securityfocus.com/bid/19534 BUGTRAQ:20060812 Concurrency-related vulnerabilities in browsers - expect problems URL:http://www.securityfocus.com/archive/1/443020/100/100/threaded BUGTRAQ:20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems URL:http://www.securityfocus.com/archive/1/443306/100/100/threaded BUGTRAQ:20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems URL:http://www.securityfocus.com/archive/1/443528/100/0/threaded BUGTRAQ:20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems URL:http://www.securityfocus.com/archive/1/443500/100/100/threaded BUGTRAQ:20060915 rPSA-2006-0169-1 firefox thunderbird URL:http://www.securityfocus.com/archive/1/446140/100/0/threaded BUGTRAQ:20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems URL:http://www.securityfocus.com/archive/1/447840/100/200/threaded BUGTRAQ:20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems URL:http://www.securityfocus.com/archive/1/447837/100/200/threaded BUGTRAQ:20061017 Flaw in Firefox 2.0 RC2 URL:http://www.securityfocus.com/archive/1/448956/100/100/threaded BUGTRAQ:20061017 Re: Flaw in Firefox 2.0 RC2 URL:http://www.securityfocus.com/archive/1/448984/100/100/threaded BUGTRAQ:20061019 Re: Flaw in Firefox 2.0 RC2 URL:http://www.securityfocus.com/archive/1/449245/100/100/threaded BUGTRAQ:20061023 Flaw in Firefox 2.0 Final URL:http://www.securityfocus.com/archive/1/449487/100/0/threaded BUGTRAQ:20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability URL:http://www.securityfocus.com/archive/1/449726/100/0/threaded CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-59.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=348514 CONFIRM:https://issues.rpath.com/browse/RPL-640 GENTOO:GLSA-200609-19 URL:http://security.gentoo.org/glsa/glsa-200609-19.xml GENTOO:GLSA-200610-01 URL:http://security.gentoo.org/glsa/glsa-200610-01.xml GENTOO:GLSA-200610-04 URL:http://security.gentoo.org/glsa/glsa-200610-04.xml HP:HPSBUX02153 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 HP:SSRT061181 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 MANDRIVA:MDKSA-2006:168 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:168~~ (Obsolete source) MANDRIVA:MDKSA-2006:169 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:169~~ (Obsolete source) MISC:http://lcamtuf.coredump.cx/ffoxdie.html MISC:http://lcamtuf.coredump.cx/ffoxdie3.html MISC:http://www.pianetapc.it/view.php?id=770 MISC:http://www.securiteam.com/securitynews/5VP0M0AJFW.html OVAL:oval:org.mitre.oval:def:9528 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528 REDHAT:RHSA-2006:0675 URL:http://www.redhat.com/support/errata/RHSA-2006-0675.html REDHAT:RHSA-2006:0676 URL:http://www.redhat.com/support/errata/RHSA-2006-0676.html REDHAT:RHSA-2006:0677 URL:http://www.redhat.com/support/errata/RHSA-2006-0677.html SECTRACK:1016846 URL:http://securitytracker.com/id?1016846 SECTRACK:1016847 URL:http://securitytracker.com/id?1016847 SECTRACK:1016848 URL:http://securitytracker.com/id?1016848 SECUNIA:21513 URL:http://secunia.com/advisories/21513 SECUNIA:21906 URL:http://secunia.com/advisories/21906 SECUNIA:21915 URL:http://secunia.com/advisories/21915 SECUNIA:21916 URL:http://secunia.com/advisories/21916 SECUNIA:21939 URL:http://secunia.com/advisories/21939 SECUNIA:21940 URL:http://secunia.com/advisories/21940 SECUNIA:21949 URL:http://secunia.com/advisories/21949 SECUNIA:21950 URL:http://secunia.com/advisories/21950 SECUNIA:22001 URL:http://secunia.com/advisories/22001 SECUNIA:22025 URL:http://secunia.com/advisories/22025 SECUNIA:22036 URL:http://secunia.com/advisories/22036 SECUNIA:22055 URL:http://secunia.com/advisories/22055 SECUNIA:22056 URL:http://secunia.com/advisories/22056 SECUNIA:22066 URL:http://secunia.com/advisories/22066 SECUNIA:22074 URL:http://secunia.com/advisories/22074 SECUNIA:22088 URL:http://secunia.com/advisories/22088 SECUNIA:22195 URL:http://secunia.com/advisories/22195 SECUNIA:22210 URL:http://secunia.com/advisories/22210 SECUNIA:22274 URL:http://secunia.com/advisories/22274 SECUNIA:22391 URL:http://secunia.com/advisories/22391 SECUNIA:22422 URL:http://secunia.com/advisories/22422 SECUNIA:24711 URL:http://secunia.com/advisories/24711 SGI:20060901-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc SUSE:SUSE-SA:2006:054 URL:http://www.novell.com/linux/security/advisories/2006_54_mozilla.html UBUNTU:USN-350-1 URL:http://www.ubuntu.com/usn/usn-350-1 UBUNTU:USN-351-1 URL:http://www.ubuntu.com/usn/usn-351-1 UBUNTU:USN-352-1 URL:http://www.ubuntu.com/usn/usn-352-1 UBUNTU:USN-354-1 URL:http://www.ubuntu.com/usn/usn-354-1 VUPEN:ADV-2006-3617 URL:~~http://www.vupen.com/english/advisories/2006/3617~~ (Obsolete source) VUPEN:ADV-2006-3748 URL:~~http://www.vupen.com/english/advisories/2006/3748~~ (Obsolete source) VUPEN:ADV-2007-1198 URL:~~http://www.vupen.com/english/advisories/2007/1198~~ (Obsolete source) VUPEN:ADV-2008-0083 URL:~~http://www.vupen.com/english/advisories/2008/0083~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20060821	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060821)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)