VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 2, 2006· Updated Jun 16, 2026

CVE-2006-0292

CVE-2006-0292

Description

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

27
  • Mozilla Corporation/Firefox20 versions
    cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    • (no CPE)range: <1.5.1
  • Mozilla Corporation/Mozilla7 versions
    cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
    • (no CPE)range: <1.5.1

Patches

Vulnerability mechanics

Root cause

"The Javascript interpreter in jsinterp.c fails to properly root object references during garbage collection, leading to unsafe dereference of freed objects."

Attack vector

A remote attacker can craft a malicious web page that triggers the unrooted object access in the Javascript interpreter. By exploiting the garbage collection mechanism, the attacker causes a use-after-free or similar memory corruption, leading to a denial of service (crash) or potentially arbitrary code execution. The exact attack vector is not fully specified in the advisory, but it is network-based and requires no authentication.

Affected code

The vulnerability resides in `jsinterp.c`, the Javascript interpreter of Mozilla and Firefox. The bug is described as "Unrooted access in jsinterp.c" [ref_id=1], meaning the interpreter fails to properly dereference objects during garbage collection.

What the fix does

The patch, backported to the 1.0.x branch, addresses the unrooted access by ensuring that objects are properly rooted (i.e., their references are tracked) during garbage collection [ref_id=1]. This prevents the interpreter from dereferencing objects that have been freed, closing the memory corruption vector. The fix was reviewed and approved by multiple Mozilla developers.

Preconditions

  • networkThe attacker must serve a malicious web page to a victim using a vulnerable version of Mozilla or Firefox (before 1.5.1).
  • inputThe victim must visit the attacker's page with Javascript enabled.

Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

60

News mentions

0

No linked articles in our index yet.