Executive Summary
Summary | |
---|---|
Title | HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS) |
Information | |||
---|---|---|---|
Name | HPSBTU02118 SSRT061145 | First vendor Publication | 2006-05-12 |
Vendor | HP | Last vendor Modification | 2006-05-12 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.1 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Potential security vulnerabilities have been identified in Firefox for HP Tru64 UNIX and in the Mozilla Application Suite for HP Tru64 UNIX. The vulnerabilities could result in possible remote execution of arbitrary code or Denial of Service (DoS). |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00672120 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1790 | |||
Oval ID: | oval:org.mitre.oval:def:1790 | ||
Title: | Mozilla Deleted Object Reference When designMode="on" | ||
Description: | Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-1993 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200605-06 (mozilla-firefox) File : nvt/glsa_200605_06.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox23.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1053-1 (mozilla) File : nvt/deb_1053_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1055-1 (mozilla-firefox) File : nvt/deb_1055_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
24967 | Mozilla Firefox iframe.contentWindow.focus() Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2018-03-06 | Mozilla Firefox Javascript Function focus overflow attempt RuleID : 45576 - Revision : 2 - Type : BROWSER-FIREFOX |
2017-08-24 | Mozilla Firefox Javascript contentWindow in an iframe exploit attempt RuleID : 43706 - Revision : 1 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Javascript contentWindow in an iframe exploit attempt RuleID : 17260 - Revision : 11 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Javascript Function focus overflow attempt RuleID : 16024 - Revision : 9 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1053.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1055.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e2476979da7411daa67b0013d4a4a40e.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200605-06.nasl - Type : ACT_GATHER_INFO |
2006-05-04 | Name : A web browser on the remote host may be prone to a denial of service attack. File : mozilla_firefox_1503.nasl - Type : ACT_GATHER_INFO |