
U88484

#34246 of 53,633
7.6 CVSS total
Vulnerabilities · 1
PT-2006-1093
7.6
2006-08-21
Mozilla · Firefox · CVE-2006-4253
Name of the Vulnerable Software and Affected Versions:
Mozilla Firefox versions 1.5.0.6 and earlier
K-Meleon version 1.0.1 and earlier
Netscape Navigator version 8.1 and earlier

Description:
The issue is related to insufficient access control and concurrency vulnerabilities, allowing a remote attacker to cause a denial of service or execute arbitrary code via JavaScript code that redirects the user to another page. This can be achieved by loading a deeply nested XML file, followed by redirecting the browser to another page, leading to a concurrency failure that causes structures to be freed incorrectly.

Recommendations:
For Mozilla Firefox versions 1.5.0.6 and earlier: update to a version later than 1.5.0.6 to resolve the issue.
For K-Meleon version 1.0.1 and earlier: consider disabling JavaScript functionality until a patch is available.
For Netscape Navigator version 8.1 and earlier: restrict access to nested XML files to minimize the risk of exploitation.