oval:org.mitre.oval:def:1790

Definition Id: oval:org.mitre.oval:def:1790

Oval ID:	oval:org.mitre.oval:def:1790
Title:	Mozilla Deleted Object Reference When designMode="on"
Description:	Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-1993	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	mozilla
Definition Synopsis:
Mozilla Firefox version 1.5 is installed and has NOT been patched with version 1.5.0.3 Mozilla Firefox version 1.5 is installed AND Firefox version 1.5 or earlier is installed AND NOT The version of Firefox.exe is greater than or equal to 1.8.20060.42618 (v1.5.0.3) OR Mozilla Firefox version 1.5.0.1 is installed Mozilla Firefox version 1.5.0.1 is installed AND Firefox version 1.5.0.1 is installed OR Mozilla Firefox version 1.5.0.2 is installed Mozilla Firefox version 1.5.0.2 is installed AND Firefox version 1.5.0.2 is installed