Vulnerability Name:

CVE-2006-5159

Assigned:2006-10-05
Published:2006-10-05
Updated:2018-10-17
Summary:** DISPUTED ** Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript.
Note: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources".
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:ALLOWS_USER_ACCESS
References:Source: MITRE
Type: CNA
CVE-2006-5159

Source: MISC
Type: UNKNOWN
http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/

Source: SREASON
Type: UNKNOWN
1678

Source: SECTRACK
Type: UNKNOWN
1016962

Source: BUGTRAQ
Type: UNKNOWN
20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws

Source: BUGTRAQ
Type: UNKNOWN
20061001 0day in Firefox from ToorCon '06

Source: BID
Type: UNKNOWN
20282

Source: BID
Type: UNKNOWN
20294

Source: MISC
Type: UNKNOWN
http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html

Source: XF
Type: UNKNOWN
firefox-multiple-javascript-bo(29317)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:preview_release:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    mozilla firefox 0.8
    mozilla firefox 0.9
    mozilla firefox 0.9 rc
    mozilla firefox 0.9.1
    mozilla firefox 0.9.2
    mozilla firefox 0.9.3
    mozilla firefox 0.10
    mozilla firefox 0.10.1
    mozilla firefox 1.0
    mozilla firefox 1.0.1
    mozilla firefox 1.0.2
    mozilla firefox 1.0.3
    mozilla firefox 1.0.4
    mozilla firefox 1.0.5
    mozilla firefox 1.0.6
    mozilla firefox 1.0.7
    mozilla firefox 1.0.8
    mozilla firefox 1.5
    mozilla firefox 1.5 beta1
    mozilla firefox 1.5 beta2
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.3
    mozilla firefox 1.5.4
    mozilla firefox 1.5.5
    mozilla firefox 1.5.6
    mozilla firefox 1.5.7
    mozilla firefox 1.5.8
    mozilla firefox 2.0 beta_1
    mozilla firefox preview_release