Overview
Mozilla products contain an unspecified vulnerability in the way they handle display styles. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Description
Mozilla products contain an unspecified vulnerability in the way they handle the -moz-grid and -moz-grid-group display styles. If a remote attacker can persuade a user to access a specially crafted web page, that attacker may be able to cause the attacked Mozilla product to crash in a way that could allow them to execute arbitrary code. For more information please refer to Mozilla Foundation Security Advisory 2006-11. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code or cause the attacked Mozilla product to crash. |
Solution
Upgrade |
Disable JavaScript
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-11. Mozilla credits Alden D'Souza with providing information regarding this issue.
This document was written by Jeff Gennari
Other Information
| CVE IDs: | CVE-2006-1738 |
| Severity Metric: | 17.56 |
| Date Public: | 2006-04-11 |
| Date First Published: | 2006-04-17 |
| Date Last Updated: | 2006-04-17 17:04 UTC |
| Document Revision: | 20 |