Unrated severityNVD Advisory· Published Apr 25, 2006· Updated Jun 16, 2026
CVE-2006-1993
CVE-2006-1993
Description
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- (no CPE)range: =1.5.0.2
Patches
Vulnerability mechanics
References
24- secunia.com/advisories/19802nvdPatchVendor Advisory
- securitytracker.com/idnvdExploit
- www.securident.com/vuln/ff.txtnvdExploit
- www.securityfocus.com/bid/17671nvdExploitPatch
- secunia.com/advisories/20015nvdVendor Advisory
- secunia.com/advisories/20019nvdVendor Advisory
- secunia.com/advisories/20070nvdVendor Advisory
- secunia.com/advisories/20214nvdVendor Advisory
- secunia.com/advisories/22066nvdVendor Advisory
- www.kb.cert.org/vuls/id/866300nvdThird Party AdvisoryUS Government Resource
- www.mozilla.org/security/announce/2006/mfsa2006-30.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2006/1614nvdVendor Advisory
- www.vupen.com/english/advisories/2006/1922nvdVendor Advisory
- www.vupen.com/english/advisories/2006/3748nvdVendor Advisory
- www.vupen.com/english/advisories/2008/0083nvdVendor Advisory
- securityreason.com/securityalert/780nvd
- www.debian.org/security/2006/dsa-1053nvd
- www.debian.org/security/2006/dsa-1055nvd
- www.gentoo.org/security/en/glsa/glsa-200605-06.xmlnvd
- www.securityfocus.com/archive/1/431878/100/0/threadednvd
- www.securityfocus.com/archive/1/434524/100/0/threadednvd
- www.securityfocus.com/archive/1/446658/100/200/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/25994nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790nvd
News mentions
0No linked articles in our index yet.