Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.

Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code. Since Mozilla and Firefox share the same codebase, Firefox may be vulnerable as well.

Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code.

A Mozilla Foundation Security Advisory reports for deleted object reference when designMode='on'

Martijn Wargers and Nick Mott each described crashes that were discovered to ultimately stem from the same root cause : attempting to use a deleted controller context when designMode was turned on. This generally results in crashing the browser, but in theory references to deleted objects can be abused to run malicious code.

'splices' reported the same crash at the fan site MozillaZine and on Bugtraq, incorrectly describing it as a buffer overflow.

The remote host is affected by the vulnerability described in GLSA-200605-06 (Mozilla Firefox: Potential remote code execution)

    Martijn Wargers and Nick Mott discovered a vulnerability when     rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is     not affected.
  Impact :

    If JavaScript is enabled, by tricking a user into visiting a     malicious web page which would send a specially crafted HTML script     that contains references to deleted objects with the 'designMode'     property enabled, an attacker can crash the web browser and in theory     manage to execute arbitrary code with the rights of the user running     the browser.
  Workaround :

    There is no known workaround at this time.

The installed version of Firefox may allow a malicious site to crash the browser and potentially to run malicious code when attempting to use a deleted controller context. 

Successful exploitation requires that 'designMode' be turned on.

Versions of Mozilla Firefox 1.5.x prior to 1.5.0.3 are affected by various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.  The version of Firefox is vulnerable to multiple denial of service attacks, overflows, information disclosure, privilege escalation, and other issues.  An attacker exploiting these flaws would need to be able to convince a user to browse to a malicious URI.

The remote host is using Firefox. The installed version of Firefox contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.  The version of Firefox is vulnerable to multiple denial of service attacks, overflows, information disclosure, privilege escalation, and other issues.  An attacker exploiting these flaws would need to be able to convince a user to browse to a malicious URI.

ID	Name	Product	Family	Severity
22597	Debian DSA-1055-1 : mozilla-firefox - programming error	Nessus	Debian Local Security Checks	medium
22595	Debian DSA-1053-1 : mozilla - programming error	Nessus	Debian Local Security Checks	medium
21523	FreeBSD : firefox -- denial of service vulnerability (e2476979-da74-11da-a67b-0013d4a4a40e)	Nessus	FreeBSD Local Security Checks	medium
21348	GLSA-200605-06 : Mozilla Firefox: Potential remote code execution	Nessus	Gentoo Local Security Checks	medium
21322	Firefox < 1.5.0.3 iframe.contentWindow.focus() Overflow	Nessus	Windows	medium
3531	Mozilla Firefox 1.5.x < 1.5.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
801307	Mozilla Firefox < 1.5.0.3 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	medium

Detections

Analytics

CVE-2006-1993

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium