ISS X-Force Database: firefox-iframe-contentwindowfocus-bo(25994): Mozilla Firefox contentWindow.focus() designMode code execution

Mozilla Firefox contentWindow.focus() designMode code execution

firefox-iframe-contentwindowfocus-bo (25994)

High Risk

Description:

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption vulnerability that can occur when "designMode" is set to "on". A remote attacker could exploit this vulnerability to execute arbitrary code or cause a victim's browser to crash by creating a malicious Web page that uses the contentWindows.focus() JavaScript control to reference a deleted object.

Platforms Affected:

Debian, Debian Linux 3.1
Gentoo, Linux
Mozilla, Firefox 1.5.0.2

Remedy:

Upgrade to the latest version of Firefox (1.5.0.3 or later), as listed in Mozilla Foundation Security Advisory 2006-30. See References.

For Debian GNU/Linux (Mozilla):
Refer to DSA-1053-1 for patch, upgrade, or suggested workaround information. See References.

For Debian GNU/Linux (Firefox):
Refer to DSA-1055-1 for patch, upgrade, or suggested workaround information. See References.

For HP Tru64 UNIX:
Refer to Hewlett-Packard Company Security Bulletin HPSBTU02118 SSRT061145 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

Browser Fun Blog Monday, July 03, 2006, MoBB #4: Mozilla Firefox DesignMode at http://browserfun.blogspot.com/2006/07/mobb-4-mozilla-firefox-designmode.html.
BugTraq Mailing List, Fri May 19 2006 - 08:05:21 CDT, [security bulletin] HPSBTU02118 SSRT061145 rev.1 - HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS) at http://archives.neohapsis.com/archives/bugtraq/2006-05/0379.html.
BugTraq Mailing List, Sun Apr 23 2006 - 20:26:37 CDT, Firefox Remote Code Execution and DoS 1.5.0.2 at http://archives.neohapsis.com/archives/bugtraq/2006-04/0502.html.
Hewlett-Packard Company Security Bulletin HPSBTU02118 SSRT061145, HP Tru64 UNIX Running Firefox or Mozilla Application Suite, Remote Execution of Arbitrary Code or Denial of Service (DoS) at http://h20000.www2.hp.com/bizsup.../Document.jsp?objectID=c00672120.
MFSA 2006-30, Deleted object reference when designMode="on" at http://www.mozilla.org/security/announce/2006/mfsa2006-30.html.
ASA-2006-259: HP-UX Firefox Vulnerabilities
ASA-2007-097: HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)
BID-17671: Mozilla Firefox iframe.contentWindow.focus Deleted Object Reference Vulnerability
CVE-2006-1993: Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
DSA-1053: mozilla -- programming error
DSA-1055: mozilla-firefox -- programming error
GLSA-200605-06: Mozilla Firefox: Potential remote code execution
SA19802: Firefox "contentWindow.focus()" Deleted Object Reference Vulnerability
SA20214: HP Tru64 UNIX Firefox/Mozilla Application Suite Vulnerability
SECTRACK ID: 1015981: Firefox IFRAME Initialization Function Lets Remote Users Execute Arbitrary Code
US-CERT VU#866300: Mozilla Firefox designMode deleted object reference
VUPEN/ADV-2006-1614: Mozilla Firefox Deleted Object Reference Remote Code Execution Vulnerability
VUPEN/ADV-2006-1922: HP Tru64 UNIX Security Update Fixes Mozilla Code Execution Vulnerability
VUPEN/ADV-2006-3748: HP-UX Security Update Fixes Mozilla Firefox Command Execution Vulnerabilities
VUPEN/ADV-2008-0083: HP-UX Security Update Fixes Firefox Command Execution Vulnerabilities

Reported:

Apr 23, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page