1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA19802

Firefox "contentWindow.focus()" Deleted Object Reference Vulnerability

Report ID: SA19802
Source: Secunia
Date of Discovery: 25.04.2006
Criticality: Urgent
Affects:
Mozilla Firefox 1.x
Compromise From: From remote
Compromise Type: DoS
System access

Summary

A vulnerability has been reported in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Detailed Description

A vulnerability has been reported in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

The vulnerability is caused due to a reference to a deleted object when designMode is enabled. This can be exploited to corrupt the memory and cause a crash by calling the "contentWindow.focus()" method on a container with specially crafted content.

Successful exploitation may allow execution of arbitrary code.

The vulnerability has been reported in versions 1.5 through 1.5.0.2.

Solution

Update to version 1.5.0.3.
http://www.mozilla.com/firefox/

CVE Reference

CVE-2006-1993