CVE-2006-5159
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/10/2006
Last modified:
09/04/2025
Description
Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources"
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/
- http://securityreason.com/securityalert/1678
- http://securitytracker.com/id?1016962=
- http://www.securityfocus.com/archive/1/447493/100/0/threaded
- http://www.securityfocus.com/archive/1/447497/100/0/threaded
- http://www.securityfocus.com/bid/20282
- http://www.securityfocus.com/bid/20294
- http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29317
- http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/
- http://securityreason.com/securityalert/1678
- http://securitytracker.com/id?1016962=
- http://www.securityfocus.com/archive/1/447493/100/0/threaded
- http://www.securityfocus.com/archive/1/447497/100/0/threaded
- http://www.securityfocus.com/bid/20282
- http://www.securityfocus.com/bid/20294
- http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29317