CVE-2006-4253

Priority
Description
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows
remote attackers to cause a denial of service (crash) and possibly execute
arbitrary code via multiple Javascript timed events that load a deeply
nested XML file, followed by redirecting the browser to another page, which
leads to a concurrency failure that causes structures to be freed
incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has
been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by
ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the
same underlying vulnerability. NOTE: it was later reported that Firefox
2.0 RC2 and 1.5.0.7 are also affected.
Notes
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-09-09 23:56:01 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)