Vulnerability Note VU#476724

Mozilla products fail to properly handle frame references

Overview

Mozilla products fail to properly handle frame or window references. This may allow a remote attacker to execute arbitrary code on a vulnerable system.

I. Description

JavaScript references are not properly cleared after an object is deleted. An attacker may be able to use the reference to a deleted object to execute arbitrary code on a vulnerable system.

According to the Mozilla Foundation Security Advisory 2006-044, versions of Mozilla Firefox prior to 1.5 and the Mozilla Suite are not affected by this vulnerability.

II. Impact

A remote, unauthenticated attacker could execute code with the privileges of the user running the Mozilla-based web browser.

III. Solution

Apply an update

This vulnerability is addressed in Firefox 1.5.0.5, Thunderbird 1.5.0.5, and SeaMonkey 1.0.3, according to the Mozilla Foundation Security Update MFSA 2006-44.

Disable JavaScript

This vulnerability can be mitigated by disabling JavaScript.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Mozilla, Inc.	Vulnerable	27-Jul-2006

References

http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
https://bugzilla.mozilla.org/show_bug.cgi?id=338288
http://secunia.com/advisories/19873/
http://secunia.com/advisories/21216/
http://secunia.com/advisories/21229/
http://secunia.com/advisories/21228/
http://www.securityfocus.com/bid/19181

Credit

This vulnerability was reported by the Mozilla Foundation, who in turn credit Thilo Germann.

This document was written by Ryan Giobbi.

Other Information

Date Public:	2006-07-25
Date First Published:	2006-07-27
Date Last Updated:	2007-02-09
CERT Advisory:
CVE-ID(s):	CVE-2006-3801
NVD-ID(s):	CVE-2006-3801
US-CERT Technical Alerts:
Metric:	8.35
Document Revision:	17

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader