Concurrency vulnerability in Mozilla Firefox and Netscape browsers
CVE-2006-4253

Currently unrated

Key Information:

Vendor: Mozilla

CVE Published: 21 August 2006

Summary

This vulnerability arises from a concurrency issue in Mozilla Firefox and various other browsers. Attackers can trigger it with multiple JavaScript timed events that load deeply nested XML files. The result can be a browser crash or, in some instances, arbitrary code execution. The flaw manifests when the browser is redirected to another page, at which point it fails to manage internal data structures correctly. Reports have confirmed that this issue also affects versions of Netscape and K-Meleon, with exploitation demonstrated through tools such as ffoxdie.

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

CVE-2006-4253 : Concurrency vulnerability in Mozilla Firefox and Netscape browsers | SecurityVulnerability.io