Bug 153736

Summary:	www-client/mozilla-firefox - remote DoS (CVE-2006-5633)
Product:	Gentoo Linux	Reporter:	Carsten Lohrke (RETIRED) <carlo>
Component:	Current packages	Assignee:	Mozilla Gentoo Team <mozilla>
Status:	RESOLVED DUPLICATE
Severity:	normal	CC:	sgtphou
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2006-10/msg00509.html
Whiteboard:
Package list:		Runtime testing required:	---

Description Carsten Lohrke (RETIRED) gentoo-dev

2006-11-01 12:21:35 UTC

Firefox 1.5.0.7 and 2.0 allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but as of 20061031, best available information suggests that it is only a null dereference.

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev

2006-11-01 12:59:30 UTC

the security team dont usually consider browser crashes security bugs, as they're more of an annoyance than a legitimate denial of service. 

Reassigning to mozilla..

Comment 2 Bryan Østergaard (RETIRED) gentoo-dev

2006-11-01 16:00:03 UTC


*** This bug has been marked as a duplicate of 152591 ***