Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.6
CVSSv2

CVE-2006-4253

Published: 21/08/2006 Updated: 14/02/2024
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 765
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Firefox

Vulnerability Summary

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox 0.8

mozilla firefox 1.5

mozilla firefox 1.5.0.6

mozilla firefox 1.5.0.3

netscape navigator 8.1

mozilla firefox 1.0.2

mozilla firefox 0.9.1

mozilla firefox 1.0.4

mozilla firefox 1.0.7

mozilla firefox 0.10.1

mozilla firefox 0.9

k-meleon project k-meleon 1.0.1

mozilla firefox 1.0

mozilla firefox 1.0.1

mozilla firefox 1.5.0.5

mozilla firefox 1.5.0.2

mozilla firefox 1.0.3

mozilla firefox 0.9.3

mozilla firefox 0.9.2

mozilla firefox 1.5.0.4

mozilla firefox 1.5.0.1

mozilla firefox 0.10

mozilla firefox 1.0.5

mozilla firefox 1.0.6

mozilla firefox 1.0.8

Vendor Advisories

Ubuntu Security Notice: firefox vulnerabilities
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569 CVE-2006-4571) ...
Ubuntu Security Notice: mozilla-thunderbird vulnerabilities
This update upgrades Thunderbird from 108 to 1507 This step was necessary since the 10x series is not supported by upstream any more ...
Ubuntu Security Notice: mozilla-thunderbird vulnerabilities
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571) ...
Mozilla: Concurrency-related vulnerability
Mozilla Foundation Security Advisory 2006-59 Concurrency-related vulnerability Announced September 14, 2006 Reporter Jonathan Watt, Michal Zalewski Impact Critical Products Firefox, SeaMonkey, Thunderbird Fixed in ...

Exploits

Exploit DB: Mozilla Firefox 1.0.x - JavaScript Handler Race Condition Memory Corruption
source: wwwsecurityfocuscom/bid/19488/info Mozilla Firefox is prone to a remote memory-corruption vulnerability This issue is due to a race condition that may result in double-free or other memory-corruption issues Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, bu ...

References

CWE-264http://www.securityfocus.com/archive/1/443306/100/100/threadedhttp://www.securityfocus.com/archive/1/443500/100/100/threadedhttp://lcamtuf.coredump.cx/ffoxdie.htmlhttp://www.securityfocus.com/bid/19534http://secunia.com/advisories/21513http://www.securiteam.com/securitynews/5VP0M0AJFW.htmlhttp://www.securityfocus.com/bid/19488http://www.mozilla.org/security/announce/2006/mfsa2006-59.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0676.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0677.htmlhttp://secunia.com/advisories/21906http://secunia.com/advisories/21949http://www.redhat.com/support/errata/RHSA-2006-0675.htmlhttp://securitytracker.com/id?1016846http://securitytracker.com/id?1016847http://securitytracker.com/id?1016848http://secunia.com/advisories/21915http://secunia.com/advisories/21916http://secunia.com/advisories/21939http://secunia.com/advisories/21940http://secunia.com/advisories/21950http://lcamtuf.coredump.cx/ffoxdie3.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=348514ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.aschttp://www.ubuntu.com/usn/usn-350-1http://secunia.com/advisories/22036http://secunia.com/advisories/22001http://security.gentoo.org/glsa/glsa-200609-19.xmlhttp://www.novell.com/linux/security/advisories/2006_54_mozilla.htmlhttp://www.ubuntu.com/usn/usn-351-1http://www.ubuntu.com/usn/usn-352-1http://www.ubuntu.com/usn/usn-354-1http://secunia.com/advisories/22025http://secunia.com/advisories/22055http://secunia.com/advisories/22074http://secunia.com/advisories/22088http://security.gentoo.org/glsa/glsa-200610-01.xmlhttp://secunia.com/advisories/22210http://secunia.com/advisories/22274http://support.avaya.com/elmodocs2/security/ASA-2006-224.htmhttp://security.gentoo.org/glsa/glsa-200610-04.xmlhttp://secunia.com/advisories/22391http://secunia.com/advisories/22422http://www.pianetapc.it/view.php?id=770http://secunia.com/advisories/22056http://secunia.com/advisories/22195https://issues.rpath.com/browse/RPL-640http://secunia.com/advisories/24711http://www.mandriva.com/security/advisories?name=MDKSA-2006:168http://www.mandriva.com/security/advisories?name=MDKSA-2006:169http://secunia.com/advisories/22066http://www.vupen.com/english/advisories/2006/3617http://www.vupen.com/english/advisories/2006/3748http://www.vupen.com/english/advisories/2007/1198http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742http://www.vupen.com/english/advisories/2008/0083https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528http://www.securityfocus.com/archive/1/449726/100/0/threadedhttp://www.securityfocus.com/archive/1/449487/100/0/threadedhttp://www.securityfocus.com/archive/1/449245/100/100/threadedhttp://www.securityfocus.com/archive/1/448984/100/100/threadedhttp://www.securityfocus.com/archive/1/448956/100/100/threadedhttp://www.securityfocus.com/archive/1/447840/100/200/threadedhttp://www.securityfocus.com/archive/1/447837/100/200/threadedhttp://www.securityfocus.com/archive/1/446140/100/0/threadedhttp://www.securityfocus.com/archive/1/443528/100/0/threadedhttp://www.securityfocus.com/archive/1/443020/100/100/threadedhttps://nvd.nist.govhttps://usn.ubuntu.com/351-1/https://www.exploit-db.com/exploits/28380/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook