Mozilla Firefox XML Handler Race Condition Memory Corruption Vulnerability

Bugtraq ID: 19534
Class: Race Condition Error
CVE: CVE-2006-4261
Remote: Yes
Local: No
Published: Aug 15 2006 12:00AM
Updated: Sep 05 2007 03:42PM
Credit: Michal Zalewski <lcamtuf@dione.ids.pl> discovered this vulnerability. Juha-Matti Laurio tested the issue in K-Meleon, Flock, and Netscape.
Vulnerable: Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 10.1
Novell Linux Desktop 9
Netscape Browser 8.0.4
Netscape Browser 8.0.3 .3
Netscape Browser 8.0.1
Netscape Browser 8.1
Netscape Browser 8.0
Mozilla Thunderbird 1.5.0.5
Mozilla SeaMonkey 1.0.3
Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5
Mozilla Firefox 1.0.8
Mozilla Firefox 1.0.7
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
+ Gentoo Linux
Mozilla Firefox 1.0.2
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.2
+ Red Hat Enterprise Linux AS 4
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
+ RedHat Enterprise Linux WS 4
Mozilla Firefox 1.0.1
+ Red Hat Fedora Core3
Mozilla Firefox 1.0
+ Gentoo Linux
+ Gentoo Linux
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
+ Slackware Linux 10.1
+ Slackware Linux 10.0
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.1
+ Slackware Linux -current
+ Slackware Linux -current
Mozilla Firefox 0.10.1
Mozilla Firefox 0.10
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Firefox 2.0 beta 1
Mozilla Firefox 1.5.0.6
Mozilla Firefox 1.5.0.5
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.5.0.3
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
K-Meleon K-Meleon 1.0.1
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.11
Flock Flock 0.7.4 1
Not Vulnerable: Netscape Browser 8.1.3
Mozilla Thunderbird 1.5.0.7
Mozilla SeaMonkey 1.0.5
Mozilla Firefox 1.5.0.7


 

Privacy Statement
Copyright 2010, SecurityFocus