Red Hat Customer Portal

CVE-2006-4253

Impact: Important
Public Date: 2006-08-12

The MITRE CVE dictionary describes this issue as:

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.

Find out more about CVE-2006-4253 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 4 (thunderbird) | RHSA-2006:0677 | 2006-09-15 |
| Red Hat Enterprise Linux 3 (seamonkey) | RHSA-2006:0676 | 2006-09-15 |
| Red Hat Enterprise Linux 4 (firefox) | RHSA-2006:0675 | 2006-09-15 |
| Red Hat Enterprise Linux 2.1 (seamonkey) | RHSA-2006:0676 | 2006-09-15 |
| Red Hat Enterprise Linux 4 (seamonkey) | RHSA-2006:0676 | 2006-09-15 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux version 4 | seamonkey 1.0.5-0.1.el4 | Fixed |
| Red Hat Enterprise Linux version 4 | devhelp 0.10-0.4.el4 | Fixed |