CVE-2006-4253

Summary

CVE: CVE-2006-4253
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2006-08-21 20:04:00 UTC
Updated: 2018-10-17 21:34:00 UTC
Description: Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

Type Vendor Product Version Update Edition Language
Application K-meleon Project K-meleon 1.0.1 All All All
Application Mozilla Firefox 0.10 All All All
Application Mozilla Firefox 0.10.1 All All All
Application Mozilla Firefox 0.8 All All All
Application Mozilla Firefox 0.9 All All All
Application Mozilla Firefox 0.9 rc All All
Application Mozilla Firefox 0.9.1 All All All
Application Mozilla Firefox 0.9.2 All All All
Application Mozilla Firefox 0.9.3 All All All
Application Mozilla Firefox 1.0 All All All
Application Mozilla Firefox 1.0.1 All All All
Application Mozilla Firefox 1.0.2 All All All
Application Mozilla Firefox 1.0.3 All All All
Application Mozilla Firefox 1.0.4 All All All
Application Mozilla Firefox 1.0.5 All All All
Application Mozilla Firefox 1.0.6 All All All
Application Mozilla Firefox 1.0.7 All All All
Application Mozilla Firefox 1.0.8 All All All
Application Mozilla Firefox 1.5 All All All
Application Mozilla Firefox 1.5 beta1 All All
Application Mozilla Firefox 1.5 beta2 All All
Application Mozilla Firefox 1.5.0.1 All All All
Application Mozilla Firefox 1.5.0.2 All All All
Application Mozilla Firefox 1.5.0.3 All All All
Application Mozilla Firefox 1.5.0.4 All All All
Application Mozilla Firefox 1.5.0.5 All All All
Application Mozilla Firefox 1.5.0.6 All All All
Application Netscape Navigator 8.1 All All All

References

Reference Source Link Tags
SecurityFocus BUGTRAQ www.securityfocus.com
Gentoo update for mozilla-thunderbird - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Red Hat update for thunderbird - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Avaya Products Firefox Multiple Vulnerabilities - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
[#RPL-640] update to firefox 1.5.0.7 and thunderbird 1.5.0.7 for critical security fixes - rPath JIRA CONFIRM issues.rpath.com
Ubuntu update for firefox - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
usn/usn-350-1 - Ubuntu: Linux for human beings UBUNTU www.ubuntu.com
Mandriva update for mozilla-firefox - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
rPath updates for firefox and thunderbird - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Security Announcement SUSE www.novell.com
Gentoo update for mozilla-firefox - Advisories - Secunia SECUNIA secunia.com
Red Hat update for firefox - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
rhn.redhat.com | Red Hat Support REDHAT www.redhat.com
HP-UX update for firefox - Advisories - Secunia SECUNIA secunia.com
Page not found - PianetaPC MISC www.pianetapc.it
Gentoo update for seamonkey - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Webmail - OVH VUPEN www.vupen.com
Gentoo Linux Documentation -- Mozilla Firefox: Multiple vulnerabilities GENTOO security.gentoo.org
Ubuntu update for mozilla-thunderbird - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
SecurityTracker.com Archives - Mozilla Seamonkey Javascript Bugs Let Remote Users Execute Arbitrary Code SECTRACK securitytracker.com
Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability BID www.securityfocus.com
MFSA 2006-59: Concurrency-related vulnerability CONFIRM www.mozilla.org
usn/usn-354-1 - Ubuntu: Linux for human beings UBUNTU www.ubuntu.com
Mozilla Thunderbird Multiple Vulnerabilities - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
SecuriTeam™ - Netscape Concurrency-related Memory Corruption Vulnerability MISC www.securiteam.com
ASA-2006-224 (RHSA-2006-0675) CONFIRM support.avaya.com
Webmail: Professional email solution - OVHcloud - OVH VUPEN www.vupen.com
Gentoo Linux Documentation -- Mozilla Thunderbird: Multiple vulnerabilities GENTOO security.gentoo.org
Mozilla SeaMonkey Multiple Vulnerabilities - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Red Hat update for seamonkey - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
SecurityTracker.com Archives - Mozilla Thunderbird Javascript Bugs Let Remote Users Execute Arbitrary Code SECTRACK securitytracker.com
wrong number (404) MISC lcamtuf.coredump.cx
usn/usn-352-1 - Ubuntu: Linux for human beings UBUNTU www.ubuntu.com
Mozilla Firefox Memory Corruption Weakness - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Gentoo Linux Documentation -- Seamonkey: Multiple vulnerabilities GENTOO security.gentoo.org
Netscape Multiple Vulnerabilities - Advisories - Secunia SECUNIA secunia.com
SecurityTracker.com Archives - Mozilla Firefox Javascript Bugs Let Remote Users Execute Arbitrary Code SECTRACK securitytracker.com
20060901-01-P SGI patches.sgi.com
Mozilla Firefox Multiple Vulnerabilities - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
usn/usn-351-1 - Ubuntu: Linux for human beings UBUNTU www.ubuntu.com
SUSE updates for MozillaFirefox, MozillaThunderbird, and seamonkey - Advisories - Secunia SECUNIA secunia.com
348514 – (CVE-2006-4253) Crash at http://lcamtuf.coredump.cx/ffoxdie.html (NOT due to too-much-recursion) [@ nsTextFrame::PrepareUnicodeText] [@ nsAutoIndexBuffer::~nsAutoIndexBuffer] (CVE-2006-4253) CONFIRM bugzilla.mozilla.org
Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability BID www.securityfocus.com
Repository / Oval Repository OVAL oval.cisecurity.org
IT Resource Center - login / register HP www1.itrc.hp.com
Mandriva update for mozilla-thunderbird - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Advisories - Mandriva Linux MANDRIVA www.mandriva.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis