SecurityTracker: Mozilla Firefox Memory Corruption in Processing DHTML May Let Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Browser) > Mozilla Firefox

Vendors: Mozilla.org

Mozilla Firefox Memory Corruption in Processing DHTML May Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1015921

SecurityTracker URL: http://securitytracker.com/id/1015921

CVE Reference: CVE-2006-1724, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723 (Links to External Site)

Date: Apr 14 2006

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 1.5 - 1.5.0.1

Description: Several vulnerabilities were reported in Mozilla Firefox. A remote user may be able to execute arbitrary code on the target user's system.

A remote user can create specially crafted HTML that generates DHTML that, when loaded by the target user, will trigger a memory corruption error and cause the target user's browser to crash or potentially execute arbitrary code. The code will run with the privileges of the target user.

Impact: A remote user may be able to cause arbitrary code to be executed on the target user's system.

Solution: The vendor has issued a fixed version (1.5.0.2), available at:

http://mozilla.com/

Vendor URL: www.mozilla.org/security/announce/2006/mfsa2006-20.html (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (OS X), Windows (Any)

Message History: None.

Source Message Contents

Date: Fri, 14 Apr 2006 00:04:15 -0400
Subject: Mozilla Firefox vulnerability


http://www.mozilla.org/security/announce/2006/mfsa2006-20.html

Mozilla Foundation Security Advisory 2006-20

Fixed in: Firefox 1.5.0.2
  Thunderbird 1.5.0.2
  SeaMonkey 1.0.1


Also fixed in Firefox/Thunderbird 1.0.8, Mozilla Suite 1.7.13
https://bugzilla.mozilla.org/show_bug.cgi?id=282105
CVE-2006-1724

https://bugzilla.mozilla.org/show_bug.cgi?id=320459

Fixed in Firefox 1.5.0.2, not applicable to older releases:
https://bugzilla.mozilla.org/show_bug.cgi?id=315254
CVE-2006-1529

https://bugzilla.mozilla.org/show_bug.cgi?id=326615
CVE-2006-1530

https://bugzilla.mozilla.org/show_bug.cgi?id=326834
CVE-2006-1531

https://bugzilla.mozilla.org/show_bug.cgi?id=327941
CVE-2006-1723

https://bugzilla.mozilla.org/show_bug.cgi?id=328509

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC