190124 – CVE-2006-1993 Firefox arbitrary code execution vulnerability

Bug 190124 - CVE-2006-1993 Firefox arbitrary code execution vulnerability

Summary: CVE-2006-1993 Firefox arbitrary code execution vulnerability

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Christopher Aillon
QA Contact:
Docs Contact:
URL:
Whiteboard:	source=mozilla,reported=20060424,impa...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-04-27 19:52 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-05-12 15:40:55 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-04-27 19:52:59 UTC

A bug exists in Firefox (1.5 branch only) in the way it handles
iframe.contentWindow.focus() calls.  A malicious web page could potentially
execute arbitrary code as the user running firefox.

The initial post to bugtraq can be found here:
http://www.securityfocus.com/archive/1/archive/1/431878/100/0/threaded

Comment 2 Josh Bressers 2006-05-12 15:40:55 UTC

This issue has been fixed in FEDORA-2006-547

Note You need to log in before you can comment on or make changes to this bug.