CVE-2006-4253
Vulnerability from cvelistv5
Published
2006-08-21 20:00
Modified
2024-08-07 19:06
Severity ?
Summary
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
cve@mitre.orghttp://lcamtuf.coredump.cx/ffoxdie.html
cve@mitre.orghttp://lcamtuf.coredump.cx/ffoxdie3.html
cve@mitre.orghttp://secunia.com/advisories/21513Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21906Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21915Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21916Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21939Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21940Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21949Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21950Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22001Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22025Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22036Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22055Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22056
cve@mitre.orghttp://secunia.com/advisories/22066
cve@mitre.orghttp://secunia.com/advisories/22074Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22088Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22195
cve@mitre.orghttp://secunia.com/advisories/22210Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22274Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22391Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22422Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/24711
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200609-19.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200610-01.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200610-04.xml
cve@mitre.orghttp://securitytracker.com/id?1016846
cve@mitre.orghttp://securitytracker.com/id?1016847
cve@mitre.orghttp://securitytracker.com/id?1016848
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:168
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:169
cve@mitre.orghttp://www.mozilla.org/security/announce/2006/mfsa2006-59.html
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_54_mozilla.html
cve@mitre.orghttp://www.pianetapc.it/view.php?id=770URL Repurposed
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0675.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0676.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0677.html
cve@mitre.orghttp://www.securiteam.com/securitynews/5VP0M0AJFW.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/443020/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443306/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443500/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443528/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/446140/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/447837/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/447840/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/448956/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/448984/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/449245/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/449487/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/449726/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19488
cve@mitre.orghttp://www.securityfocus.com/bid/19534
cve@mitre.orghttp://www.ubuntu.com/usn/usn-350-1
cve@mitre.orghttp://www.ubuntu.com/usn/usn-351-1
cve@mitre.orghttp://www.ubuntu.com/usn/usn-352-1
cve@mitre.orghttp://www.ubuntu.com/usn/usn-354-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3617
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3748
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1198
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0083
cve@mitre.orghttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=348514
cve@mitre.orghttps://issues.rpath.com/browse/RPL-640
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061017 Flaw in Firefox 2.0 RC2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded"
          },
          {
            "name": "20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded"
          },
          {
            "name": "1016847",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016847"
          },
          {
            "name": "22391",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22391"
          },
          {
            "name": "ADV-2006-3748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3748"
          },
          {
            "name": "RHSA-2006:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lcamtuf.coredump.cx/ffoxdie.html"
          },
          {
            "name": "22055",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22055"
          },
          {
            "name": "22195",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22195"
          },
          {
            "name": "oval:org.mitre.oval:def:9528",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528"
          },
          {
            "name": "USN-352-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-352-1"
          },
          {
            "name": "21513",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21513"
          },
          {
            "name": "21950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21950"
          },
          {
            "name": "USN-351-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-351-1"
          },
          {
            "name": "22025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22025"
          },
          {
            "name": "22056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22056"
          },
          {
            "name": "MDKSA-2006:168",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
          },
          {
            "name": "20060812 Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded"
          },
          {
            "name": "22210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22210"
          },
          {
            "name": "24711",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24711"
          },
          {
            "name": "GLSA-200610-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.pianetapc.it/view.php?id=770"
          },
          {
            "name": "ADV-2008-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21939"
          },
          {
            "name": "1016848",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016848"
          },
          {
            "name": "ADV-2006-3617",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3617"
          },
          {
            "name": "21915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21915"
          },
          {
            "name": "ADV-2007-1198",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1198"
          },
          {
            "name": "20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded"
          },
          {
            "name": "RHSA-2006:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
          },
          {
            "name": "GLSA-200609-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
          },
          {
            "name": "20061017 Re: Flaw in Firefox 2.0 RC2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded"
          },
          {
            "name": "22274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22274"
          },
          {
            "name": "RHSA-2006:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
          },
          {
            "name": "21940",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21940"
          },
          {
            "name": "22001",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22001"
          },
          {
            "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
          },
          {
            "name": "USN-350-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-350-1"
          },
          {
            "name": "21906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21906"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
          },
          {
            "name": "20061019 Re: Flaw in Firefox 2.0 RC2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded"
          },
          {
            "name": "GLSA-200610-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
          },
          {
            "name": "22074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22074"
          },
          {
            "name": "22066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22066"
          },
          {
            "name": "22088",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22088"
          },
          {
            "name": "20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded"
          },
          {
            "name": "21949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21949"
          },
          {
            "name": "SUSE-SA:2006:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514"
          },
          {
            "name": "19534",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19534"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-640"
          },
          {
            "name": "20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lcamtuf.coredump.cx/ffoxdie3.html"
          },
          {
            "name": "20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "1016846",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016846"
          },
          {
            "name": "USN-354-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-354-1"
          },
          {
            "name": "19488",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19488"
          },
          {
            "name": "20061023 Flaw in Firefox 2.0 Final",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded"
          },
          {
            "name": "22422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22422"
          },
          {
            "name": "MDKSA-2006:169",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html"
          },
          {
            "name": "21916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061017 Flaw in Firefox 2.0 RC2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded"
        },
        {
          "name": "20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded"
        },
        {
          "name": "1016847",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016847"
        },
        {
          "name": "22391",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22391"
        },
        {
          "name": "ADV-2006-3748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3748"
        },
        {
          "name": "RHSA-2006:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lcamtuf.coredump.cx/ffoxdie.html"
        },
        {
          "name": "22055",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22055"
        },
        {
          "name": "22195",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22195"
        },
        {
          "name": "oval:org.mitre.oval:def:9528",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528"
        },
        {
          "name": "USN-352-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-352-1"
        },
        {
          "name": "21513",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21513"
        },
        {
          "name": "21950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21950"
        },
        {
          "name": "USN-351-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-351-1"
        },
        {
          "name": "22025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22025"
        },
        {
          "name": "22056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22056"
        },
        {
          "name": "MDKSA-2006:168",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
        },
        {
          "name": "20060812 Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded"
        },
        {
          "name": "22210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22210"
        },
        {
          "name": "24711",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24711"
        },
        {
          "name": "GLSA-200610-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.pianetapc.it/view.php?id=770"
        },
        {
          "name": "ADV-2008-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0083"
        },
        {
          "name": "20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21939"
        },
        {
          "name": "1016848",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016848"
        },
        {
          "name": "ADV-2006-3617",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3617"
        },
        {
          "name": "21915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21915"
        },
        {
          "name": "ADV-2007-1198",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1198"
        },
        {
          "name": "20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded"
        },
        {
          "name": "RHSA-2006:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
        },
        {
          "name": "GLSA-200609-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
        },
        {
          "name": "20061017 Re: Flaw in Firefox 2.0 RC2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded"
        },
        {
          "name": "22274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22274"
        },
        {
          "name": "RHSA-2006:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
        },
        {
          "name": "21940",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21940"
        },
        {
          "name": "22001",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22001"
        },
        {
          "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
        },
        {
          "name": "USN-350-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-350-1"
        },
        {
          "name": "21906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21906"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
        },
        {
          "name": "20061019 Re: Flaw in Firefox 2.0 RC2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded"
        },
        {
          "name": "GLSA-200610-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
        },
        {
          "name": "22074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22074"
        },
        {
          "name": "22066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22066"
        },
        {
          "name": "22088",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22088"
        },
        {
          "name": "20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded"
        },
        {
          "name": "21949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21949"
        },
        {
          "name": "SUSE-SA:2006:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514"
        },
        {
          "name": "19534",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19534"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-640"
        },
        {
          "name": "20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lcamtuf.coredump.cx/ffoxdie3.html"
        },
        {
          "name": "20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "1016846",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016846"
        },
        {
          "name": "USN-354-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-354-1"
        },
        {
          "name": "19488",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19488"
        },
        {
          "name": "20061023 Flaw in Firefox 2.0 Final",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded"
        },
        {
          "name": "22422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22422"
        },
        {
          "name": "MDKSA-2006:169",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html"
        },
        {
          "name": "21916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21916"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4253",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061017 Flaw in Firefox 2.0 RC2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded"
            },
            {
              "name": "20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded"
            },
            {
              "name": "1016847",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016847"
            },
            {
              "name": "22391",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22391"
            },
            {
              "name": "ADV-2006-3748",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3748"
            },
            {
              "name": "RHSA-2006:0676",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
            },
            {
              "name": "http://lcamtuf.coredump.cx/ffoxdie.html",
              "refsource": "MISC",
              "url": "http://lcamtuf.coredump.cx/ffoxdie.html"
            },
            {
              "name": "22055",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22055"
            },
            {
              "name": "22195",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22195"
            },
            {
              "name": "oval:org.mitre.oval:def:9528",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528"
            },
            {
              "name": "USN-352-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-352-1"
            },
            {
              "name": "21513",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21513"
            },
            {
              "name": "21950",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21950"
            },
            {
              "name": "USN-351-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-351-1"
            },
            {
              "name": "22025",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22025"
            },
            {
              "name": "22056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22056"
            },
            {
              "name": "MDKSA-2006:168",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
            },
            {
              "name": "20060812 Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded"
            },
            {
              "name": "22210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22210"
            },
            {
              "name": "24711",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24711"
            },
            {
              "name": "GLSA-200610-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
            },
            {
              "name": "http://www.pianetapc.it/view.php?id=770",
              "refsource": "MISC",
              "url": "http://www.pianetapc.it/view.php?id=770"
            },
            {
              "name": "ADV-2008-0083",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0083"
            },
            {
              "name": "20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "21939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21939"
            },
            {
              "name": "1016848",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016848"
            },
            {
              "name": "ADV-2006-3617",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3617"
            },
            {
              "name": "21915",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21915"
            },
            {
              "name": "ADV-2007-1198",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1198"
            },
            {
              "name": "20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded"
            },
            {
              "name": "RHSA-2006:0677",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
            },
            {
              "name": "GLSA-200609-19",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
            },
            {
              "name": "20061017 Re: Flaw in Firefox 2.0 RC2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded"
            },
            {
              "name": "22274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22274"
            },
            {
              "name": "RHSA-2006:0675",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
            },
            {
              "name": "21940",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21940"
            },
            {
              "name": "22001",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22001"
            },
            {
              "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
            },
            {
              "name": "USN-350-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-350-1"
            },
            {
              "name": "21906",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21906"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
            },
            {
              "name": "20061019 Re: Flaw in Firefox 2.0 RC2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded"
            },
            {
              "name": "GLSA-200610-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
            },
            {
              "name": "22074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22074"
            },
            {
              "name": "22066",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22066"
            },
            {
              "name": "22088",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22088"
            },
            {
              "name": "20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded"
            },
            {
              "name": "21949",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21949"
            },
            {
              "name": "SUSE-SA:2006:054",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514"
            },
            {
              "name": "19534",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19534"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-640",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-640"
            },
            {
              "name": "20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded"
            },
            {
              "name": "http://lcamtuf.coredump.cx/ffoxdie3.html",
              "refsource": "MISC",
              "url": "http://lcamtuf.coredump.cx/ffoxdie3.html"
            },
            {
              "name": "20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "1016846",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016846"
            },
            {
              "name": "USN-354-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-354-1"
            },
            {
              "name": "19488",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19488"
            },
            {
              "name": "20061023 Flaw in Firefox 2.0 Final",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded"
            },
            {
              "name": "22422",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22422"
            },
            {
              "name": "MDKSA-2006:169",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
            },
            {
              "name": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html",
              "refsource": "MISC",
              "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html"
            },
            {
              "name": "21916",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21916"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4253",
    "datePublished": "2006-08-21T20:00:00",
    "dateReserved": "2006-08-21T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-4253\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-08-21T20:04:00.000\",\"lastModified\":\"2024-02-14T01:17:43.863\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de concurrencia en Mozilla Firefox 1.5.0.6 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante m\u00faltiples eventos Javascript temporizados que cargan un archivo XML profundamente anidado, seguido por una redirecci\u00f3n del navegador hacia ora p\u00e1gina, lo cual lleva a un fallo de concurencia que provoca que se liberen estructuras incorrectamente, como ha sido demostrado por (1) ffoxdie y (2) ffoxdie3. NOTA: se ha reportado que Netscape 8.1 y K-Meleaon 1.0.1 tambi\u00e9n se han visto afectados por ffoxdie. Mozilla confirm\u00f3 a CVE que ffoxdie y ffoxdie3 disparan la misma vulnerabilidad subyacente. NOTA: se ha reportado posteriormente que Firefox 2.0 RC2 y 1.5.0.7 tambi\u00e9n est\u00e1n afectados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.6},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:k-meleon_project:k-meleon:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1EAAD01-C770-446C-916F-66782953AF02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93C142C5-3A85-432B-80D6-2E7B1B4694F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2434FCE7-A50B-4527-9970-C7224B31141C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"5633FB6E-D623-49D4-9858-4E20E64DE458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"429ECA02-DBCD-45FB-942C-CA4BC1BC8A72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F0DC80-5473-465C-9D7F-9589F1B78E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"567FF916-7DE0-403C-8528-7931A43E0D18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"010B34F4-910E-4515-990B-8E72DF009578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A545A77-2198-4685-A87F-E0F2DAECECF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"778FAE0C-A5CF-4B67-93A9-1A803E3E699F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7447185-7509-449D-8907-F30A42CF7EB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EDBAC37-9D08-44D1-B279-BC6ACF126CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FFF89FA-2020-43CC-BACD-D66117B3DD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834BB391-5EB5-43A8-980A-D305EDAE6FA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A38AD88-BAA6-4FBE-885B-69E951BD1EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B500EE6C-99DB-49A3-A1F1-AFFD7FE28068\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F2938F2-A801-45E5-8E06-BE03DE03C8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB88E86-6E83-4A59-9266-8B98AA91774D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"66BE50FE-EA21-4633-A181-CD35196DF06E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6BF5B1-86D1-47FE-9D9C-735718F94874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D15CE0-69DF-4EFD-801E-96A4D6AABEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2F38886-C25A-4C6B-93E7-36461405BA99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C65D2670-F37F-48CB-804A-D35BB1C27D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE8E5194-7B34-4802-BDA6-6A86EB5EDE05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D673003C-0491-4C94-8907-5E36BB5EB9AD\"}]}]}],\"references\":[{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lcamtuf.coredump.cx/ffoxdie.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lcamtuf.coredump.cx/ffoxdie3.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21513\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21906\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21915\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21916\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21939\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21940\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21949\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21950\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22001\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22025\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22036\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22056\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22066\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22074\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22088\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22195\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22210\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22274\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22391\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22422\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24711\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200609-19.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200610-01.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200610-04.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016846\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016847\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016848\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:168\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:169\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mozilla.org/security/announce/2006/mfsa2006-59.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_54_mozilla.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.pianetapc.it/view.php?id=770\",\"source\":\"cve@mitre.org\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0675.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0676.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0677.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securiteam.com/securitynews/5VP0M0AJFW.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/443020/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/443306/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/443500/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/443528/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/446140/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447837/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447840/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/448956/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/448984/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/449245/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/449487/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/449726/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19488\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19534\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-350-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-351-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-352-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-354-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3617\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3748\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1198\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0083\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=348514\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-640\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528\",\"source\":\"cve@mitre.org\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.