mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
971 B
971 B
CVE-2006-1993
Description
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
POC
Reference
- http://securityreason.com/securityalert/780
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
Github
No PoCs found on GitHub currently.