Overview
Mozilla products fail to properly handle the XML.prototype.hasOwnProperty() method. This vulnerability may allow a remote attacker execute arbitrary code.
Description
The ECMAScript for XML (E4X) Specification defines the XML.prototype.hasOwnProperty() as a JavaScript method used to determine if an object contains a specific property. Mozilla products fail to properly handle the XML.prototype.hasOwnProperty() method, which can lead to memory corruption. For more information refer to Mozilla Foundation Security Advisory 2006-65. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. The attacker could also cause the vulnerable application to crash. |
Solution
Apply an update |
Disable JavaScript |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=355569
- http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
- http://www.mozilla.org/js/language/ECMA-357.pdf
- http://www.mozilla.com/en-US/firefox/releases/1.5.0.8.html
- http://www.mozilla.com/thunderbird/releases/1.5.0.8.html
- http://www.mozilla.org/projects/seamonkey/
- http://www.mozilla.com/en-US/firefox/
- http://secunia.com/advisories/22929/
- http://secunia.com/advisories/22980/
- http://secunia.com/advisories/23013/
- http://secunia.com/advisories/22763/
- http://secunia.com/advisories/23009/
- http://secunia.com/advisories/22815/
- http://secunia.com/advisories/22727/
- http://secunia.com/advisories/22770/
- http://secunia.com/advisories/22722/
Acknowledgements
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-65. Mozilla credits shutdown for providing information concerning this issue.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2006-5747 |
| Severity Metric: | 14.45 |
| Date Public: | 2006-11-08 |
| Date First Published: | 2006-11-08 |
| Date Last Updated: | 2006-12-21 18:52 UTC |
| Document Revision: | 37 |