| Field | Value |
|---|---|
| Vulnerability Name | CVE-2006-1993 (CCN-25994) |
| Assigned | 2006-04-23 |
| Published | 2006-04-23 |
| Updated | 2018-10-18 |
| Summary | Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain JavaScript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. Note: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim. |
| CVSS v3 Severity | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) |
| CVSS v2 Severity | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P); 3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C); 5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) |
| Vulnerability Type | CWE-399 |
| Vulnerability Consequences | Gain Access |
References:

| Source | Type | Reference |
|---|---|---|
| CCN | BugTraq Mailing List, Sun Apr 23 2006 - 20:26:37 CDT | Firefox Remote Code Execution and DoS 1.5.0.2 |
| CCN | BugTraq Mailing List, Fri May 19 2006 - 08:05:21 CDT | [security bulletin] HPSBTU02118 SSRT061145 rev.1 - HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS) |
| CCN | Browser Fun Blog, Monday, July 03, 2006 | MoBB #4: Mozilla Firefox DesignMode |
| MITRE | CNA | CVE-2006-1993 |
| CCN | Hewlett-Packard Company Security Bulletin HPSBTU02118 SSRT061145 | HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS) |
| CCN | SA19802 | Firefox "contentWindow.focus()" Deleted Object Reference Vulnerability |
| SECUNIA | Patch, Vendor Advisory | 19802 |
| SECUNIA | Vendor Advisory | 20015 |
| SECUNIA | Vendor Advisory | 20019 |
| SECUNIA | Vendor Advisory | 20070 |
| CCN | SA20214 | HP Tru64 UNIX Firefox/Mozilla Application Suite Vulnerability |
| SECUNIA | Vendor Advisory | 20214 |
| SECUNIA | Vendor Advisory | 22066 |
| SREASON | UNKNOWN | 780 |
| CCN | SECTRACK ID: 1015981 | Firefox IFRAME Initialization Function Lets Remote Users Execute Arbitrary Code |
| SECTRACK | Exploit | 1015981 |
| CCN | ASA-2006-259 | HP-UX Firefox Vulnerabilities |
| CCN | ASA-2007-097 | HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153) |
| DEBIAN | UNKNOWN | DSA-1053 |
| DEBIAN | UNKNOWN | DSA-1055 |
| DEBIAN | DSA-1053 | mozilla -- programming error |
| DEBIAN | DSA-1055 | mozilla-firefox -- programming error |
| CCN | GLSA-200605-06 | Mozilla Firefox: Potential remote code execution |
| GENTOO | UNKNOWN | GLSA-200605-06 |
| CCN | US-CERT VU#866300 | Mozilla Firefox designMode deleted object reference |
| CERT-VN | Third Party Advisory, US Government Resource | VU#866300 |
| CCN | MFSA 2006-30 | Deleted object reference when designMode="on" |
| CONFIRM | Vendor Advisory | http://www.mozilla.org/security/announce/2006/mfsa2006-30.html |
| CCN | OSVDB ID: 24967 | Mozilla Firefox iframe.contentWindow.focus() Overflow |
| MISC | Exploit | http://www.securident.com/vuln/ff.txt |
| BUGTRAQ | UNKNOWN | 20060424 Firefox Remote Code Execution and DoS 1.5.0.2 |
| HP | UNKNOWN | SSRT061145 |
| HP | UNKNOWN | SSRT061181 |
| BID | Exploit, Patch | 17671 |
| CCN | BID-17671 | Mozilla Firefox iframe.contentWindow.focus Deleted Object Reference Vulnerability |
| VUPEN | Vendor Advisory | ADV-2006-1614 |
| VUPEN | Vendor Advisory | ADV-2006-1922 |
| VUPEN | Vendor Advisory | ADV-2006-3748 |
| VUPEN | Vendor Advisory | ADV-2008-0083 |
| XF | UNKNOWN | firefox-iframe-contentwindowfocus-bo(25994) |
| OVAL | UNKNOWN | oval:org.mitre.oval:def:1790 |
Vulnerable Configuration: Configuration 1; Configuration CCN 1 (the configuration trees were rendered as images and are not reproduced in the text).