ID CVE-2006-5633
Summary Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.
References
Vulnerable Configurations
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
CVSS
Base: 5.0 (as of 01-11-2006 - 14:23)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description Mozilla Firefox <= 1.5.0.7/ 2.0 (createRange) Remote DoS Exploit. CVE-2006-5633. Dos exploits for multiple platform
id EDB-ID:2695
last seen 2016-01-31
modified 2006-10-31
published 2006-10-31
reporter Gotfault Security
source https://www.exploit-db.com/download/2695/
title Mozilla Firefox <= 1.5.0.7/ 2.0 createRange Remote DoS Exploit
refmap via4
bid 20799
bugtraq
  • 20061031 New Flaw in Firefox 2.0: DoS and possible remote code execution
  • 20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
  • 20061101 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
  • 20061127 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
confirm
fulldisc 20061030 Firefox <= 2.0 crash
misc http://www.gotfault.net/research/advisory/gadv-firefox.txt
xf firefox-createrange-dos(29916)
statements via4
contributor Joshua Bressers
lastmodified 2006-11-07
organization Red Hat
statement Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue.
Last major update 05-09-2008 - 17:12
Published 31-10-2006 - 17:07
Last modified 17-10-2018 - 17:44
Back to Top