CVE-2006-4253

Mozilla Firefox 1.0.x - JavaScript Handler Race Condition Memory Corruption

Severity Score

7.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.

Vulnerabilidad de concurrencia en Mozilla Firefox 1.5.0.6 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante múltiples eventos Javascript temporizados que cargan un archivo XML profundamente anidado, seguido por una redirección del navegador hacia ora página, lo cual lleva a un fallo de concurencia que provoca que se liberen estructuras incorrectamente, como ha sido demostrado por (1) ffoxdie y (2) ffoxdie3. NOTA: se ha reportado que Netscape 8.1 y K-Meleaon 1.0.1 también se han visto afectados por ffoxdie. Mozilla confirmó a CVE que ffoxdie y ffoxdie3 disparan la misma vulnerabilidad subyacente. NOTA: se ha reportado posteriormente que Firefox 2.0 RC2 y 1.5.0.7 también están afectados.

*Credits: N/A

CVSS Scores

NISTv2 7.6

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-08-12 First Exploit
2006-08-21 CVE Reserved
2006-08-21 CVE Published
2024-04-26 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (70)

URL	Tag	Source
http://lcamtuf.coredump.cx/ffoxdie.html	X_refsource_misc
http://lcamtuf.coredump.cx/ffoxdie3.html	X_refsource_misc
http://secunia.com/advisories/22056	Third Party Advisory
http://secunia.com/advisories/22066	Third Party Advisory
http://secunia.com/advisories/22195	Third Party Advisory
http://secunia.com/advisories/24711	Third Party Advisory
http://securitytracker.com/id?1016846	Vdb Entry
http://securitytracker.com/id?1016847	Vdb Entry
http://securitytracker.com/id?1016848	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm	X_refsource_confirm
http://www.mozilla.org/security/announce/2006/mfsa2006-59.html	X_refsource_confirm
http://www.pianetapc.it/view.php?id=770	Url Repurposed
http://www.securiteam.com/securitynews/5VP0M0AJFW.html	X_refsource_misc
http://www.securityfocus.com/archive/1/443020/100/100/threaded	Mailing List
http://www.securityfocus.com/archive/1/443306/100/100/threaded	Mailing List
http://www.securityfocus.com/archive/1/443500/100/100/threaded	Mailing List
http://www.securityfocus.com/archive/1/443528/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/446140/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/447837/100/200/threaded	Mailing List
http://www.securityfocus.com/archive/1/447840/100/200/threaded	Mailing List
http://www.securityfocus.com/archive/1/448956/100/100/threaded	Mailing List
http://www.securityfocus.com/archive/1/448984/100/100/threaded	Mailing List
http://www.securityfocus.com/archive/1/449245/100/100/threaded	Mailing List
http://www.securityfocus.com/archive/1/449487/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/449726/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/19488	Vdb Entry
http://www.securityfocus.com/bid/19534	Vdb Entry
http://www.vupen.com/english/advisories/2006/3617	Vdb Entry
http://www.vupen.com/english/advisories/2006/3748	Vdb Entry
http://www.vupen.com/english/advisories/2007/1198	Vdb Entry
http://www.vupen.com/english/advisories/2008/0083	Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=348514	X_refsource_confirm
https://issues.rpath.com/browse/RPL-640	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/28380	2006-08-12

URL	Date	SRC

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc	2024-02-14
http://secunia.com/advisories/21513	2024-02-14
http://secunia.com/advisories/21906	2024-02-14
http://secunia.com/advisories/21915	2024-02-14
http://secunia.com/advisories/21916	2024-02-14
http://secunia.com/advisories/21939	2024-02-14
http://secunia.com/advisories/21940	2024-02-14
http://secunia.com/advisories/21949	2024-02-14
http://secunia.com/advisories/21950	2024-02-14
http://secunia.com/advisories/22001	2024-02-14
http://secunia.com/advisories/22025	2024-02-14
http://secunia.com/advisories/22036	2024-02-14
http://secunia.com/advisories/22055	2024-02-14
http://secunia.com/advisories/22074	2024-02-14
http://secunia.com/advisories/22088	2024-02-14
http://secunia.com/advisories/22210	2024-02-14
http://secunia.com/advisories/22274	2024-02-14
http://secunia.com/advisories/22391	2024-02-14
http://secunia.com/advisories/22422	2024-02-14
http://security.gentoo.org/glsa/glsa-200609-19.xml	2024-02-14
http://security.gentoo.org/glsa/glsa-200610-01.xml	2024-02-14
http://security.gentoo.org/glsa/glsa-200610-04.xml	2024-02-14
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168	2024-02-14
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169	2024-02-14
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html	2024-02-14
http://www.redhat.com/support/errata/RHSA-2006-0675.html	2024-02-14
http://www.redhat.com/support/errata/RHSA-2006-0676.html	2024-02-14
http://www.redhat.com/support/errata/RHSA-2006-0677.html	2024-02-14
http://www.ubuntu.com/usn/usn-350-1	2024-02-14
http://www.ubuntu.com/usn/usn-351-1	2024-02-14
http://www.ubuntu.com/usn/usn-352-1	2024-02-14
http://www.ubuntu.com/usn/usn-354-1	2024-02-14
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742	2024-02-14
https://access.redhat.com/security/cve/CVE-2006-4253	2006-09-15
https://bugzilla.redhat.com/show_bug.cgi?id=1618177	2006-09-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
K-meleon Project Search vendor "K-meleon Project"		K-meleon Search vendor "K-meleon Project" for product "K-meleon"				1.0.1 Search vendor "K-meleon Project" for product "K-meleon" and version "1.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.8 Search vendor "Mozilla" for product "Firefox" and version "0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.9 Search vendor "Mozilla" for product "Firefox" and version "0.9"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.9 Search vendor "Mozilla" for product "Firefox" and version "0.9"		rc		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.9.1 Search vendor "Mozilla" for product "Firefox" and version "0.9.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.9.2 Search vendor "Mozilla" for product "Firefox" and version "0.9.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.9.3 Search vendor "Mozilla" for product "Firefox" and version "0.9.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.10 Search vendor "Mozilla" for product "Firefox" and version "0.10"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				0.10.1 Search vendor "Mozilla" for product "Firefox" and version "0.10.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0 Search vendor "Mozilla" for product "Firefox" and version "1.0"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.1 Search vendor "Mozilla" for product "Firefox" and version "1.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.2 Search vendor "Mozilla" for product "Firefox" and version "1.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.3 Search vendor "Mozilla" for product "Firefox" and version "1.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.4 Search vendor "Mozilla" for product "Firefox" and version "1.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.5 Search vendor "Mozilla" for product "Firefox" and version "1.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.6 Search vendor "Mozilla" for product "Firefox" and version "1.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.7 Search vendor "Mozilla" for product "Firefox" and version "1.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.0.8 Search vendor "Mozilla" for product "Firefox" and version "1.0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		beta1		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		beta2		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.1 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.2 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.3 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.4 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.5 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.6 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.6"		-		Affected
Netscape Search vendor "Netscape"		Navigator Search vendor "Netscape" for product "Navigator"				8.1 Search vendor "Netscape" for product "Navigator" and version "8.1"		-		Affected