DescriptionMozilla Firefox and Thunderbird before 18.104.22.168 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2006:035, published Fri, 23 Jun 2006 10:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 03:03:50 2013
CVE page last modified: Fri Oct 7 12:45:33 2022