Detections
Analytics
Firefox < 1.5.0.3 iframe.contentWindow.focus() Overflow
medium Nessus Plugin ID 21322
Synopsis
A web browser on the remote host may be prone to a denial of service attack.Description
The installed version of Firefox may allow a malicious site to crash the browser and potentially to run malicious code when attempting to use a deleted controller context.Successful exploitation requires that 'designMode' be turned on.
Solution
Upgrade to Firefox 1.5.0.3 or later.See Also
https://www.securityfocus.com/archive/1/archive/1/431878/100/0/threaded
https://www.mozilla.org/en-US/security/advisories/mfsa2006-30/
Plugin Details
Severity: Medium
ID: 21322
File Name: mozilla_firefox_1503.nasl
Version: 1.21
Type: local
Agent: windows
Family: Windows
Published: 5/4/2006
Updated: 11/15/2018
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Temporal Score: 4
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:mozilla:firefox
Required KB Items: Mozilla/Firefox/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/2/2006
Vulnerability Publication Date: 4/23/2006
Reference Information
CVE: CVE-2006-1993
BID: 17671