CVE-2006-5633

Firefox 1.5.0.7 and 2.0 and Seamonkey 1.1b - Denial of Service via DocType Node Range Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5633. PoCs published by Gotfault Security.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in Mozilla Firefox by triggering a NULL pointer dereference in the Range object's createContextualFragment method when a DOCUMENT_TYPE_NODE is selected. The PoC crashes Firefox by manipulating the DOM Range API.

Description

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gotfault Security · htmldosmultiple

https://www.exploit-db.com/exploits/2695

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in Mozilla Firefox by triggering a NULL pointer dereference in the Range object's createContextualFragment method when a DOCUMENT_TYPE_NODE is selected. The PoC crashes Firefox by manipulating the DOM Range API.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Mozilla Firefox 1.5.0.7 and below, 2.0

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a crafted HTML file

MITRE ATT&CK