CVE-2006-4253

Priority
Description
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows
remote attackers to cause a denial of service (crash) and possibly execute
arbitrary code via multiple Javascript timed events that load a deeply
nested XML file, followed by redirecting the browser to another page, which
leads to a concurrency failure that causes structures to be freed
incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has
been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by
ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the
same underlying vulnerability. NOTE: it was later reported that Firefox
2.0 RC2 and 1.5.0.7 are also affected.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-03-19 11:39:49 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)