Vulnerability CVE-2006-1273


Published: 2006-03-19   Modified: 2012-02-12

Description:
** DISPUTED ** Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that "It is likely the reporter was running the IE Tab extension," and Mozilla also confirmed that this is not an issue in Firefox itself.

See advisories in our WLB2 database:
Topic: [Med.] Remote overflow in MSIE script action handlers (mshtml.dll)
Author: Michal Zalewski
Date: 16.03.2006

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software:
Mozilla -> Firefox

 References:
http://securityreason.com/securityalert/593
http://www.securityfocus.com/archive/1/427977/100/0/threaded
http://www.securityfocus.com/archive/1/428159/100/0/threaded

Copyright 2024, cxsecurity.com

 
