CVE-2006-5633 - Vulnerability Details - OpenCVE

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox Seamonkey

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:2.0:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html
http://www.gotfault.net/research/advisory/gadv-firefox.txt
http://www.securityfocus.com/archive/1/450155/100/0/threaded
http://www.securityfocus.com/archive/1/450167/100/0/threaded
http://www.securityfocus.com/archive/1/450168/100/0/threaded
http://www.securityfocus.com/archive/1/450682/100/200/threaded
http://www.securityfocus.com/archive/1/452803/100/0/threaded
http://www.securityfocus.com/bid/20799
https://bugzilla.mozilla.org/show_bug.cgi?id=358797
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237
https://exchange.xforce.ibmcloud.com/vulnerabilities/29916

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-31T22:00:00

Updated: 2024-08-07T19:55:54.111Z

Reserved: 2006-10-31T00:00:00

Link: CVE-2006-5633

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-10-31T22:07:00.000

Modified: 2024-11-21T00:19:59.563

Link: CVE-2006-5633

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-30T00:00:00", "descriptions": [{"lang": "en", "value": "Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061101 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/450682/100/200/threaded"}, {"name": "20061031 New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/450155/100/0/threaded"}, {"name": "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/450168/100/0/threaded"}, {"name": "20061030 Firefox <= 2.0 crash", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=358797"}, {"name": "firefox-createrange-dos(29916)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29916"}, {"name": "20061127 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452803/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gotfault.net/research/advisory/gadv-firefox.txt"}, {"name": "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/450167/100/0/threaded"}, {"name": "20799", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20799"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5633", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061101 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450682/100/200/threaded"}, {"name": "20061031 New Flaw in Firefox 2.0: DoS and possible remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450155/100/0/threaded"}, {"name": "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450168/100/0/threaded"}, {"name": "20061030 Firefox <= 2.0 crash", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=358797", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=358797"}, {"name": "firefox-createrange-dos(29916)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29916"}, {"name": "20061127 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452803/100/0/threaded"}, {"name": "http://www.gotfault.net/research/advisory/gadv-firefox.txt", "refsource": "MISC", "url": "http://www.gotfault.net/research/advisory/gadv-firefox.txt"}, {"name": "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450167/100/0/threaded"}, {"name": "20799", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20799"}, {"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:55:54.111Z"}, "title": "CVE Program Container", "references": [{"name": "20061101 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/450682/100/200/threaded"}, {"name": "20061031 New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/450155/100/0/threaded"}, {"name": "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/450168/100/0/threaded"}, {"name": "20061030 Firefox <= 2.0 crash", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=358797"}, {"name": "firefox-createrange-dos(29916)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29916"}, {"name": "20061127 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452803/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gotfault.net/research/advisory/gadv-firefox.txt"}, {"name": "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/450167/100/0/threaded"}, {"name": "20799", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20799"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5633", "datePublished": "2006-10-31T22:00:00", "dateReserved": "2006-10-31T00:00:00", "dateUpdated": "2024-08-07T19:55:54.111Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "matchCriteriaId": "D58B704B-F06E-44C1-BBD1-A090D1E6583A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference."}, {"lang": "es", "value": "Firefox 1.5.0.7 y 2.0, y Seamonkey 1.1b, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) creando un objeto rango usando createRange, llamando a selectNode en un nodo DocType (DOCUMENT_TYPE_NODE), y despu\u00e9s llamando a createContextualFragment en el rango, lo cual dispara una referencia nula. NOTA: el post original en Bugtraq mencionaba que la ejecuci\u00f3n de c\u00f3digo era posible, pero an\u00e1lisis posteriores han mostrado que es s\u00f3lo una referencia nula."}], "id": "CVE-2006-5633", "lastModified": "2024-11-21T00:19:59.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-31T22:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.gotfault.net/research/advisory/gadv-firefox.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/450155/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/450167/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/450168/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/450682/100/200/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452803/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20799"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=358797"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.gotfault.net/research/advisory/gadv-firefox.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/450155/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/450167/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/450168/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/450682/100/200/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452803/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=358797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29916"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue.", "lastModified": "2006-11-07T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}