ID CVE-2006-5633
Summary Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-10-2018 - 21:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 20799
bugtraq
  • 20061031 New Flaw in Firefox 2.0: DoS and possible remote code execution
  • 20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
  • 20061101 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
  • 20061127 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
confirm
fulldisc 20061030 Firefox <= 2.0 crash
misc http://www.gotfault.net/research/advisory/gadv-firefox.txt
xf firefox-createrange-dos(29916)
statements via4
contributor Joshua Bressers
lastmodified 2006-11-07
organization Red Hat
statement Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue.
Last major update 17-10-2018 - 21:44
Published 31-10-2006 - 22:07
Back to Top