{"api_version":"1","generated_at":"2026-04-24T22:08:17+00:00","cve":"CVE-2006-4253","urls":{"html":"https://cve.report/CVE-2006-4253","api":"https://cve.report/api/cve/CVE-2006-4253.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-4253","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-4253"},"summary":{"title":"CVE-2006-4253","description":"Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-08-21 20:04:00","updated_at":"2018-10-17 21:34:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/archive/1/443528/100/0/threaded","name":"20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/443020/100/100/threaded","name":"20060812 Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22274","name":"22274","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Gentoo update for mozilla-thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21916","name":"21916","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Red Hat update for thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22422","name":"22422","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Avaya Products Firefox Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-640","name":"https://issues.rpath.com/browse/RPL-640","refsource":"CONFIRM","tags":[],"title":"[#RPL-640] update to firefox 1.5.0.7 and thunderbird 1.5.0.7 for critical security fixes - rPath JIRA","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/22025","name":"22025","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Ubuntu update for firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-350-1","name":"USN-350-1","refsource":"UBUNTU","tags":[],"title":"usn/usn-350-1 - Ubuntu: Linux for human beings","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/443306/100/100/threaded","name":"20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22001","name":"22001","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mandriva update for mozilla-firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22036","name":"22036","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21950","name":"21950","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"rPath updates for firefox and thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/linux/security/advisories/2006_54_mozilla.html","name":"SUSE-SA:2006:054","refsource":"SUSE","tags":[],"title":"Security Announcement","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/22195","name":"22195","refsource":"SECUNIA","tags":[],"title":"Gentoo update for mozilla-firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21949","name":"21949","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Red Hat update for firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2006-0676.html","name":"RHSA-2006:0676","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22066","name":"22066","refsource":"SECUNIA","tags":[],"title":"HP-UX update for firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.pianetapc.it/view.php?id=770","name":"http://www.pianetapc.it/view.php?id=770","refsource":"MISC","tags":[],"title":"Pagina non trovata - PianetaPC","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://secunia.com/advisories/22391","name":"22391","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Gentoo update for seamonkey - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1198","name":"ADV-2007-1198","refsource":"VUPEN","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/443500/100/100/threaded","name":"20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200609-19.xml","name":"GLSA-200609-19","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  Mozilla Firefox: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22055","name":"22055","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Ubuntu update for mozilla-thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016847","name":"1016847","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Mozilla Seamonkey Javascript Bugs Let Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/19488","name":"19488","refsource":"BID","tags":[],"title":"Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.mozilla.org/security/announce/2006/mfsa2006-59.html","name":"http://www.mozilla.org/security/announce/2006/mfsa2006-59.html","refsource":"CONFIRM","tags":[],"title":"MFSA 2006-59: Concurrency-related vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-354-1","name":"USN-354-1","refsource":"UBUNTU","tags":[],"title":"usn/usn-354-1 - Ubuntu: Linux for human beings","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/21939","name":"21939","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mozilla Thunderbird Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securiteam.com/securitynews/5VP0M0AJFW.html","name":"http://www.securiteam.com/securitynews/5VP0M0AJFW.html","refsource":"MISC","tags":[],"title":"SecuriTeam™ - Netscape Concurrency-related Memory Corruption Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/446140/100/0/threaded","name":"20060915 rPSA-2006-0169-1 firefox thunderbird","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm","name":"http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm","refsource":"CONFIRM","tags":[],"title":"ASA-2006-224 (RHSA-2006-0675)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22074","name":"22074","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Ubuntu update for mozilla-thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0083","name":"ADV-2008-0083","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200610-01.xml","name":"GLSA-200610-01","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  Mozilla Thunderbird: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/447837/100/200/threaded","name":"20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22210","name":"22210","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Ubuntu update for firefox - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21940","name":"21940","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mozilla SeaMonkey Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/449726/100/0/threaded","name":"20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/3748","name":"ADV-2006-3748","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21915","name":"21915","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Red Hat update for seamonkey - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/449487/100/0/threaded","name":"20061023 Flaw in Firefox 2.0 Final","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016848","name":"1016848","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Mozilla Thunderbird Javascript Bugs Let Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lcamtuf.coredump.cx/ffoxdie3.html","name":"http://lcamtuf.coredump.cx/ffoxdie3.html","refsource":"MISC","tags":[],"title":"wrong number (404)","mime":"text/html","httpstatus":"404","archivestatus":"403"},{"url":"http://www.ubuntu.com/usn/usn-352-1","name":"USN-352-1","refsource":"UBUNTU","tags":[],"title":"usn/usn-352-1 - Ubuntu: Linux for human beings","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21513","name":"21513","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mozilla Firefox Memory Corruption Weakness - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200610-04.xml","name":"GLSA-200610-04","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  Seamonkey: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24711","name":"24711","refsource":"SECUNIA","tags":[],"title":"Netscape Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016846","name":"1016846","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Mozilla Firefox Javascript Bugs Let Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc","name":"20060901-01-P","refsource":"SGI","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://lcamtuf.coredump.cx/ffoxdie.html","name":"http://lcamtuf.coredump.cx/ffoxdie.html","refsource":"MISC","tags":[],"title":"wrong number (404)","mime":"text/html","httpstatus":"404","archivestatus":"403"},{"url":"http://www.vupen.com/english/advisories/2006/3617","name":"ADV-2006-3617","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21906","name":"21906","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mozilla Firefox Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/448984/100/100/threaded","name":"20061017 Re: Flaw in Firefox 2.0 RC2","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-351-1","name":"USN-351-1","refsource":"UBUNTU","tags":[],"title":"usn/usn-351-1 - Ubuntu: Linux for human beings","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22056","name":"22056","refsource":"SECUNIA","tags":[],"title":"SUSE updates for MozillaFirefox, MozillaThunderbird, and seamonkey - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/449245/100/100/threaded","name":"20061019 Re: Flaw in Firefox 2.0 RC2","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2006-0675.html","name":"RHSA-2006:0675","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=348514","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=348514","refsource":"CONFIRM","tags":[],"title":"348514 – (CVE-2006-4253) Crash at http://lcamtuf.coredump.cx/ffoxdie.html (NOT due to too-much-recursion) [@ nsTextFrame::PrepareUnicodeText] [@ nsAutoIndexBuffer::~nsAutoIndexBuffer] (CVE-2006-4253)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/448956/100/100/threaded","name":"20061017 Flaw in Firefox 2.0 RC2","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/19534","name":"19534","refsource":"BID","tags":[],"title":"Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.redhat.com/support/errata/RHSA-2006-0677.html","name":"RHSA-2006:0677","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/447840/100/200/threaded","name":"20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528","name":"oval:org.mitre.oval:def:9528","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742","name":"SSRT061181","refsource":"HP","tags":[],"title":"IT Resource Center - login / register","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/22088","name":"22088","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mandriva update for mozilla-thunderbird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:168","name":"MDKSA-2006:168","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:169","name":"MDKSA-2006:169","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-4253","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-4253","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"k-meleon_project","cpe5":"k-meleon","cpe6":"1.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"k-meleon_project","cpe5":"k-meleon","cpe6":"1.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9","cpe7":"rc","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5","cpe7":"beta1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5","cpe7":"beta2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9","cpe7":"rc","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"0.9.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5","cpe7":"beta1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5","cpe7":"beta2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.5.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netscape","cpe5":"navigator","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"4253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netscape","cpe5":"navigator","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-4253","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20061017 Flaw in Firefox 2.0 RC2","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/448956/100/100/threaded"},{"name":"20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/443500/100/100/threaded"},{"name":"1016847","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016847"},{"name":"22391","refsource":"SECUNIA","url":"http://secunia.com/advisories/22391"},{"name":"ADV-2006-3748","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/3748"},{"name":"RHSA-2006:0676","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2006-0676.html"},{"name":"http://www.mozilla.org/security/announce/2006/mfsa2006-59.html","refsource":"CONFIRM","url":"http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"},{"name":"http://lcamtuf.coredump.cx/ffoxdie.html","refsource":"MISC","url":"http://lcamtuf.coredump.cx/ffoxdie.html"},{"name":"22055","refsource":"SECUNIA","url":"http://secunia.com/advisories/22055"},{"name":"22195","refsource":"SECUNIA","url":"http://secunia.com/advisories/22195"},{"name":"oval:org.mitre.oval:def:9528","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528"},{"name":"USN-352-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-352-1"},{"name":"21513","refsource":"SECUNIA","url":"http://secunia.com/advisories/21513"},{"name":"21950","refsource":"SECUNIA","url":"http://secunia.com/advisories/21950"},{"name":"USN-351-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-351-1"},{"name":"22025","refsource":"SECUNIA","url":"http://secunia.com/advisories/22025"},{"name":"22056","refsource":"SECUNIA","url":"http://secunia.com/advisories/22056"},{"name":"MDKSA-2006:168","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"},{"name":"20060812 Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/443020/100/100/threaded"},{"name":"22210","refsource":"SECUNIA","url":"http://secunia.com/advisories/22210"},{"name":"24711","refsource":"SECUNIA","url":"http://secunia.com/advisories/24711"},{"name":"GLSA-200610-04","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200610-04.xml"},{"name":"http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm","refsource":"CONFIRM","url":"http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"},{"name":"http://www.pianetapc.it/view.php?id=770","refsource":"MISC","url":"http://www.pianetapc.it/view.php?id=770"},{"name":"ADV-2008-0083","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0083"},{"name":"20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/443528/100/0/threaded"},{"name":"20060901-01-P","refsource":"SGI","url":"ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"},{"name":"21939","refsource":"SECUNIA","url":"http://secunia.com/advisories/21939"},{"name":"1016848","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016848"},{"name":"ADV-2006-3617","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/3617"},{"name":"21915","refsource":"SECUNIA","url":"http://secunia.com/advisories/21915"},{"name":"ADV-2007-1198","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1198"},{"name":"20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/447837/100/200/threaded"},{"name":"RHSA-2006:0677","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2006-0677.html"},{"name":"GLSA-200609-19","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200609-19.xml"},{"name":"SSRT061181","refsource":"HP","url":"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"},{"name":"20061017 Re: Flaw in Firefox 2.0 RC2","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/448984/100/100/threaded"},{"name":"22274","refsource":"SECUNIA","url":"http://secunia.com/advisories/22274"},{"name":"RHSA-2006:0675","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2006-0675.html"},{"name":"21940","refsource":"SECUNIA","url":"http://secunia.com/advisories/21940"},{"name":"22001","refsource":"SECUNIA","url":"http://secunia.com/advisories/22001"},{"name":"20060915 rPSA-2006-0169-1 firefox thunderbird","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/446140/100/0/threaded"},{"name":"USN-350-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-350-1"},{"name":"21906","refsource":"SECUNIA","url":"http://secunia.com/advisories/21906"},{"name":"HPSBUX02153","refsource":"HP","url":"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"},{"name":"20061019 Re: Flaw in Firefox 2.0 RC2","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/449245/100/100/threaded"},{"name":"GLSA-200610-01","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200610-01.xml"},{"name":"22074","refsource":"SECUNIA","url":"http://secunia.com/advisories/22074"},{"name":"22066","refsource":"SECUNIA","url":"http://secunia.com/advisories/22066"},{"name":"22088","refsource":"SECUNIA","url":"http://secunia.com/advisories/22088"},{"name":"20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/443306/100/100/threaded"},{"name":"21949","refsource":"SECUNIA","url":"http://secunia.com/advisories/21949"},{"name":"SUSE-SA:2006:054","refsource":"SUSE","url":"http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=348514","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=348514"},{"name":"19534","refsource":"BID","url":"http://www.securityfocus.com/bid/19534"},{"name":"https://issues.rpath.com/browse/RPL-640","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-640"},{"name":"20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/447840/100/200/threaded"},{"name":"http://lcamtuf.coredump.cx/ffoxdie3.html","refsource":"MISC","url":"http://lcamtuf.coredump.cx/ffoxdie3.html"},{"name":"20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/449726/100/0/threaded"},{"name":"22036","refsource":"SECUNIA","url":"http://secunia.com/advisories/22036"},{"name":"1016846","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016846"},{"name":"USN-354-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-354-1"},{"name":"19488","refsource":"BID","url":"http://www.securityfocus.com/bid/19488"},{"name":"20061023 Flaw in Firefox 2.0 Final","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/449487/100/0/threaded"},{"name":"22422","refsource":"SECUNIA","url":"http://secunia.com/advisories/22422"},{"name":"MDKSA-2006:169","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"},{"name":"http://www.securiteam.com/securitynews/5VP0M0AJFW.html","refsource":"MISC","url":"http://www.securiteam.com/securitynews/5VP0M0AJFW.html"},{"name":"21916","refsource":"SECUNIA","url":"http://secunia.com/advisories/21916"}]}},"nvd":{"publishedDate":"2006-08-21 20:04:00","lastModifiedDate":"2018-10-17 21:34:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.6},"severity":"HIGH","exploitabilityScore":4.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:k-meleon_project:k-meleon:1.0.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"4253","Ordinal":"19585","Title":"CVE-2006-4253","CVE":"CVE-2006-4253","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"4253","Ordinal":"1","NoteData":"Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"4253","Ordinal":"2","NoteData":"2006-08-21","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"4253","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}