Bug: Firefox Remote Code Execution and DoS 1.5.0.2 ( Ascii Version )

	WLB2.ORG
Full List

Bugs

Bogus

Tricks

Exploits

	CVEMAP.ORG
Full List

Vendors

Products

	Tools
CWE Dictionary

Dorks List

cIFrex

	Search
Bugtraq

CVEMAP

CVE Id

CWE Id

	RSS
Full List

Bugs

Exploits

Dorks

	Information
Add note

About



	Submit
To add a note, use this form or send email to submit@cxsec.org


	Social

Firefox Remote Code Execution and DoS 1.5.0.2

Published	Credit	Risk
2006.04.26	chris splices org	Low

CWE	CVE	Local	Remote
CWE-399	CVE-2006-1993	Yes	Yes

CVSS Base Score	Impact Subscore		Exploitability Subscore
5.1/10	6.4/10		4.9/10

Exploit range	Attack complexity	Authentication
Remote	High	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

---------------------------------------------------
Software:
Firefox Web Browser
Tested:
Linux, Windows clients' version 1.5.0.2
Result:
Firefox Remote Code Execution and Denial of Service - Vendor contacted, no patch yet.
Problem:
A handling issue exists in how Firefox handles certain Javascript in js320.dll and xpcom_core.dll
regarding iframe.contentWindow.focus(). By manipulating this feature a buffer overflow will occur.
Proof of Concept:
http://www.securident.com/vuln/ff.txt
Credits:
splices(splices [dot] org)
spiffomatic64(spiffomatic64 [dot] com)
Securident Technologies (securident [dot] com)
------------------------------------------------

ASCII VERSION

Ascii Version

Bug: Firefox Remote Code Execution and DoS 1.5.0.2 ( Ascii Version )

use this form