Vulnerability CVE-2006-4253 - CERT Civis.Net

Vulnerability Name:

CVE-2006-4253 (CCN-28644)

Assigned:

2006-08-12

Published:

2006-08-12

Updated:

2018-10-17

Summary:

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.
Note: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.
Note: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.

CVSS v3 Severity:

4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: SGI
Type: UNKNOWN
20060901-01-P

Source: CCN
Type: BugTraq Mailing List, Sat Aug 12 2006 - 11:15:12 CDT
Concurrency-related vulnerabilities in browsers - expect problems

Source: MITRE
Type: CNA
CVE-2006-4253

Source: MISC
Type: UNKNOWN
http://lcamtuf.coredump.cx/ffoxdie.html

Source: MISC
Type: UNKNOWN
http://lcamtuf.coredump.cx/ffoxdie3.html

Source: CCN
Type: RHSA-2006-0675
firefox security update

Source: CCN
Type: RHSA-2006-0676
seamonkey security update

Source: CCN
Type: RHSA-2006-0677
thunderbird security update

Source: CCN
Type: SA21513
Mozilla Firefox Memory Corruption Weakness

Source: SECUNIA
Type: Vendor Advisory
21513

Source: CCN
Type: SA21906
Mozilla Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21906

Source: SECUNIA
Type: Vendor Advisory
21915

Source: SECUNIA
Type: Vendor Advisory
21916

Source: CCN
Type: SA21939
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21939

Source: CCN
Type: SA21940
Mozilla SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21940

Source: SECUNIA
Type: Vendor Advisory
21949

Source: SECUNIA
Type: Vendor Advisory
21950

Source: SECUNIA
Type: Vendor Advisory
22001

Source: SECUNIA
Type: Vendor Advisory
22025

Source: SECUNIA
Type: Vendor Advisory
22036

Source: SECUNIA
Type: Vendor Advisory
22055

Source: SECUNIA
Type: UNKNOWN
22056

Source: SECUNIA
Type: UNKNOWN
22066

Source: SECUNIA
Type: Vendor Advisory
22074

Source: SECUNIA
Type: Vendor Advisory
22088

Source: SECUNIA
Type: UNKNOWN
22195

Source: SECUNIA
Type: Vendor Advisory
22210

Source: SECUNIA
Type: Vendor Advisory
22274

Source: SECUNIA
Type: Vendor Advisory
22391

Source: CCN
Type: SA22422
Avaya Products Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22422

Source: CCN
Type: SA24711
Netscape Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24711

Source: GENTOO
Type: UNKNOWN
GLSA-200609-19

Source: GENTOO
Type: UNKNOWN
GLSA-200610-01

Source: GENTOO
Type: UNKNOWN
GLSA-200610-04

Source: CCN
Type: SECTRACK ID: 1016846
Mozilla Firefox Javascript Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016846

Source: CCN
Type: SECTRACK ID: 1016847
Mozilla Seamonkey Javascript Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016847

Source: CCN
Type: SECTRACK ID: 1016848
Mozilla Thunderbird Javascript Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016848

Source: CCN
Type: ASA-2006-196
seamonkey security update (RHSA-2006-0676)

Source: CCN
Type: ASA-2006-219
thunderbird security update (RHSA-2006-0677)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm

Source: CCN
Type: ASA-2006-224
firefox security update (RHSA-2006-0675)

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: CCN
Type: GLSA-200609-19
Mozilla Firefox: Multiple vulnerabilities

Source: CCN
Type: GLSA-200610-01
Mozilla Thunderbird: Multiple vulnerabilities

Source: CCN
Type: GLSA-200610-04
Seamonkey: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:168

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:169

Source: CCN
Type: MFSA 2006-59
Concurrency-related vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/2006/mfsa2006-59.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:054

Source: MISC
Type: UNKNOWN
http://www.pianetapc.it/view.php?id=770

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0675

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0676

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0677

Source: CCN
Type: SecuriTeam Security News 21 Aug. 2006
Netscape Concurrency-related Memory Corruption Vulnerability

Source: MISC
Type: UNKNOWN
http://www.securiteam.com/securitynews/5VP0M0AJFW.html

Source: BUGTRAQ
Type: UNKNOWN
20060812 Concurrency-related vulnerabilities in browsers - expect problems

Source: BUGTRAQ
Type: UNKNOWN
20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems

Source: BUGTRAQ
Type: UNKNOWN
20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems

Source: BUGTRAQ
Type: UNKNOWN
20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems

Source: BUGTRAQ
Type: UNKNOWN
20060915 rPSA-2006-0169-1 firefox thunderbird

Source: BUGTRAQ
Type: UNKNOWN
20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems

Source: BUGTRAQ
Type: UNKNOWN
20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems

Source: BUGTRAQ
Type: UNKNOWN
20061017 Flaw in Firefox 2.0 RC2

Source: BUGTRAQ
Type: UNKNOWN
20061017 Re: Flaw in Firefox 2.0 RC2

Source: BUGTRAQ
Type: UNKNOWN
20061019 Re: Flaw in Firefox 2.0 RC2

Source: BUGTRAQ
Type: UNKNOWN
20061023 Flaw in Firefox 2.0 Final

Source: BUGTRAQ
Type: UNKNOWN
20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability

Source: BID
Type: UNKNOWN
19488

Source: CCN
Type: BID-19488
Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability

Source: BID
Type: UNKNOWN
19534

Source: CCN
Type: BID-19534
Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability

Source: CCN
Type: USN-350-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-350-1

Source: CCN
Type: USN-351-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-351-1

Source: CCN
Type: USN-352-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-352-1

Source: CCN
Type: USN-354-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-354-1

Source: VUPEN
Type: UNKNOWN
ADV-2006-3617

Source: VUPEN
Type: UNKNOWN
ADV-2006-3748

Source: VUPEN
Type: UNKNOWN
ADV-2007-1198

Source: VUPEN
Type: UNKNOWN
ADV-2008-0083

Source: HP
Type: UNKNOWN
SSRT061181

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=348514

Source: XF
Type: UNKNOWN
multiple-browser-javascript-handler-dos(28644)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-640

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9528

Source: SUSE
Type: SUSE-SA:2006:054
Mozilla Firefox security update

Vulnerable Configuration:

Configuration 1:

cpe:/a:k-meleon_project:k-meleon:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

OR cpe:/a:netscape:navigator:8.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:netscape:navigator:8.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1::ws:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20064253	V	CVE-2006-4253	2015-11-16
oval:org.mitre.oval:def:9528	V	Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.	2013-04-29
oval:com.redhat.rhsa:def:20060675	P	RHSA-2006:0675: firefox security update (Critical)	2006-09-15
oval:com.redhat.rhsa:def:20060676	P	RHSA-2006:0676: seamonkey security update (Critical)	2006-09-15
oval:com.redhat.rhsa:def:20060677	P	RHSA-2006:0677: thunderbird security update (Critical)	2006-09-15