Release DateNov 08, 2011 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a memory-corruption vulnerability in Mozilla Firefox.This issue is caused by an error when the vulnerable software handles malformed JavaScript code when "designMode" is set. It may allow remote attackers to execute arbitrary code by sending a crafted web page. |
Affected ProductsMozilla Firefox 1.5 beta 2Mozilla Firefox 1.5 beta 1 Mozilla Firefox 1.5 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.1 Debian: Debian Linux 3.1 Hewlett-Packard Company: Tru64 UNIX Any version |
Recommended ActionsUpgrade to the latest version of Firefox (1.5.0.3 or later), as listed in Mozilla Foundation Security Advisory 2006-30.For Debian GNU/Linux (Mozilla): Refer to Debian Security Advisory DSA-1053-1 for patch, upgrade, or suggested workaround information. For Debian GNU/Linux (Firefox): Refer to Debian Security Advisory DSA-1055-1 for patch, upgrade, or suggested workaround information. For HP Tru64 UNIX: Refer to Hewlett-Packard Company Security Bulletin HPSBTU02118 SSRT061145 for patch, upgrade, or suggested workaround information. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-1993 |
Reference/shttp://xforce.iss.net/xforce/xfdb/25994http://www.securityfocus.com/bid/17671 (BugTraq) https://bugzilla.mozilla.org/show_bug.cgi?id=334515 |
