Oval Definition:	oval:org.mitre.oval:def:1790
Revision Date: 2009-11-09 Version: 3 Title: Mozilla Deleted Object Reference When designMode="on" Description: Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2006-1993 Platform(s): Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows XP Product(s): mozilla Definition Synopsis Mozilla Firefox version 1.5 is installed and has NOT been patched with version 1.5.0.3 Mozilla Firefox version 1.5 is installed AND Firefox version 1.5 or earlier is installed AND NOT The version of Firefox.exe is greater than or equal to 1.8.20060.42618 (v1.5.0.3) OR Mozilla Firefox version 1.5.0.1 is installed Mozilla Firefox version 1.5.0.1 is installed AND Firefox version 1.5.0.1 is installed OR Mozilla Firefox version 1.5.0.2 is installed Mozilla Firefox version 1.5.0.2 is installed AND Firefox version 1.5.0.2 is installed
BACK