Vulnerability Description
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.8 |
| Mozilla | Mozilla | 1.4 |
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
- ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
- http://secunia.com/advisories/18700
- http://secunia.com/advisories/18703
- http://secunia.com/advisories/18704
- http://secunia.com/advisories/18705
- http://secunia.com/advisories/18706
- http://secunia.com/advisories/18708
- http://secunia.com/advisories/18709
- http://secunia.com/advisories/19230
- http://secunia.com/advisories/19746
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19780
- http://secunia.com/advisories/19821
- http://secunia.com/advisories/19823
FAQ
What is CVE-2006-0292?
CVE-2006-0292 is a vulnerability with a CVSS score of 7.5 (HIGH). The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitra...
How severe is CVE-2006-0292?
CVE-2006-0292 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0292?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla.