CVE-2006-5159 (GCVE-0-2006-5159)
Vulnerability from cvelistv5
Published
2006-10-03 23:00
Modified
2024-08-07 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources"
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "firefox-multiple-javascript-bo(29317)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29317"
},
{
"name": "20282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20282"
},
{
"name": "1016962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016962"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/"
},
{
"name": "20061001 0day in Firefox from ToorCon \u002706",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447497/100/0/threaded"
},
{
"name": "1678",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1678"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html"
},
{
"name": "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447493/100/0/threaded"
},
{
"name": "20294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that \"we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "firefox-multiple-javascript-bo(29317)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29317"
},
{
"name": "20282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20282"
},
{
"name": "1016962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016962"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/"
},
{
"name": "20061001 0day in Firefox from ToorCon \u002706",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447497/100/0/threaded"
},
{
"name": "1678",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1678"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html"
},
{
"name": "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447493/100/0/threaded"
},
{
"name": "20294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20294"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that \"we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "firefox-multiple-javascript-bo(29317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29317"
},
{
"name": "20282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20282"
},
{
"name": "1016962",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016962"
},
{
"name": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/",
"refsource": "MISC",
"url": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/"
},
{
"name": "20061001 0day in Firefox from ToorCon \u002706",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447497/100/0/threaded"
},
{
"name": "1678",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1678"
},
{
"name": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html",
"refsource": "MISC",
"url": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html"
},
{
"name": "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447493/100/0/threaded"
},
{
"name": "20294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5159",
"datePublished": "2006-10-03T23:00:00",
"dateReserved": "2006-10-03T00:00:00",
"dateUpdated": "2024-08-07T19:41:04.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2006-5159\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-10-05T04:04:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that \\\"we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources\\\"\"},{\"lang\":\"es\",\"value\":\"** IMPUGNADA ** Desbordamiento de b\u00fafer basado en pila en Mozilla Firefox permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados implicando JavaScript. NOTA: el vendedor e investigadores originales han liberado un comentario de continuaci\u00f3n impugnando la severidad de este asunto, en el cual el investigador afirma que \\\"hemos mencionado que hubo una vulnerabilidad en Firefox previamente conocida que podr\u00eda provocar un desbordamiento de pila permitiendo ejecuci\u00f3n remota de c\u00f3digo. Sin embargo, el c\u00f3digo que hemos presentado no hace de hecho esto... No he tenido \u00e9xito haciendo que este c\u00f3digo haga algo m\u00e1s que provocar una ca\u00edda y consumo de recursos del sistema\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93C142C5-3A85-432B-80D6-2E7B1B4694F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2434FCE7-A50B-4527-9970-C7224B31141C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"5633FB6E-D623-49D4-9858-4E20E64DE458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"429ECA02-DBCD-45FB-942C-CA4BC1BC8A72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F0DC80-5473-465C-9D7F-9589F1B78E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"567FF916-7DE0-403C-8528-7931A43E0D18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"010B34F4-910E-4515-990B-8E72DF009578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A545A77-2198-4685-A87F-E0F2DAECECF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"778FAE0C-A5CF-4B67-93A9-1A803E3E699F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7447185-7509-449D-8907-F30A42CF7EB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EDBAC37-9D08-44D1-B279-BC6ACF126CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FFF89FA-2020-43CC-BACD-D66117B3DD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834BB391-5EB5-43A8-980A-D305EDAE6FA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A38AD88-BAA6-4FBE-885B-69E951BD1EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B500EE6C-99DB-49A3-A1F1-AFFD7FE28068\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F2938F2-A801-45E5-8E06-BE03DE03C8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB88E86-6E83-4A59-9266-8B98AA91774D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"66BE50FE-EA21-4633-A181-CD35196DF06E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6BF5B1-86D1-47FE-9D9C-735718F94874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D15CE0-69DF-4EFD-801E-96A4D6AABEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C30ACBCA-4FA1-46DE-8F15-4830BC27E160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9453EF65-7C69-449E-BF7C-4FECFB56713E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AA75825-21CF-475B-8040-126A13FA2216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA97C80E-17FA-4866-86CE-29886145ED80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE24BED-202E-416D-B5F2-8207D97B9939\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04198E04-CE1D-4A5A-A20C-D1E135B45F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F61EA4A1-1916-48A5-8196-E3CDEF3108F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFDBA992-46F8-42A6-9428-C9E475CA69E3\"}]}]}],\"references\":[{\"url\":\"http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/1678\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016962\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447493/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447497/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20282\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20294\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29317\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/1678\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016962\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447493/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447497/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20282\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29317\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat does not consider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this issue currently poses no security threat. In the event more information becomes available, we will revisit this issue in the future.\\n\",\"lastModified\":\"2006-10-16T00:00:00\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…