CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows
remote attackers to cause a denial of service (crash) and possibly execute
arbitrary code via multiple Javascript timed events that load a deeply
nested XML file, followed by redirecting the browser to another page, which
leads to a concurrency failure that causes structures to be freed
incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has
been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by
ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the
same underlying vulnerability. NOTE: it was later reported that Firefox
2.0 RC2 and 1.5.0.7 are also affected.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1 | UNKNOWN |
ubuntu | 7.10 | noarch | firefox-3.0 | < 3.0~alpha7-0ubuntu6 | UNKNOWN |
ubuntu | 7.10 | noarch | lightning-sunbird | < 0.5-0ubuntu4 | UNKNOWN |
ubuntu | 7.10 | noarch | midbrowser | < 0.1.6b-0ubuntu2 | UNKNOWN |
ubuntu | 6.06 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.6.06 | UNKNOWN |
ubuntu | 6.10 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.6.10 | UNKNOWN |
ubuntu | 7.04 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.7.04 | UNKNOWN |
ubuntu | 7.04 | noarch | xulrunner | < 1.8.0.10-3ubuntu1 | UNKNOWN |
ubuntu | 7.10 | noarch | xulrunner | < 1.8.0.10-3ubuntu1 | UNKNOWN |