Lucene search

[email protected]CVE-2006-4567

HistorySep 15, 2006 - 6:07 p.m.

CVE-2006-4567

2006-09-1518:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mozilla firefox

thunderbird

cve-2006-4567

security vulnerability

certificate validation

remote attack

dns spoofing

6.5 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.025 Low

EPSS

Percentile

90.0%

JSON

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle1.5.0.6
mozilla:thunderbirdmozilla thunderbirdle1.5.0.6

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	1.5.0.6
mozilla:thunderbird	mozilla thunderbird	le	1.5.0.6

References

secunia.com/advisories/21906

secunia.com/advisories/21916

secunia.com/advisories/21939

secunia.com/advisories/21949

secunia.com/advisories/21950

secunia.com/advisories/22001

secunia.com/advisories/22025

secunia.com/advisories/22055

secunia.com/advisories/22056

secunia.com/advisories/22066

secunia.com/advisories/22074

secunia.com/advisories/22088

secunia.com/advisories/22195

secunia.com/advisories/22210

secunia.com/advisories/22274

secunia.com/advisories/22422

security.gentoo.org/glsa/glsa-200609-19.xml

security.gentoo.org/glsa/glsa-200610-01.xml

securitytracker.com/id?1016850

securitytracker.com/id?1016851

support.avaya.com/elmodocs2/security/ASA-2006-224.htm

www.mandriva.com/security/advisories?name=MDKSA-2006:168

www.mandriva.com/security/advisories?name=MDKSA-2006:169

www.mozilla.org/security/announce/2006/mfsa2006-58.html

www.novell.com/linux/security/advisories/2006_54_mozilla.html

www.redhat.com/support/errata/RHSA-2006-0675.html

www.redhat.com/support/errata/RHSA-2006-0677.html

www.securityfocus.com/archive/1/446140/100/0/threaded

www.securityfocus.com/bid/20042

www.ubuntu.com/usn/usn-350-1

www.ubuntu.com/usn/usn-351-1

www.ubuntu.com/usn/usn-352-1

www.ubuntu.com/usn/usn-354-1

www.vupen.com/english/advisories/2006/3617

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2008/0083

www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

exchange.xforce.ibmcloud.com/vulnerabilities/28950

issues.rpath.com/browse/RPL-640

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10488

6.5 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.025 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2006-4567

debiancve1 veracode1 securityvulns1 mozilla1 ubuntucve1 nessus21 openvas9 ubuntu3 gentoo2 oraclelinux2 redhat2 centos2 freebsd1 suse1 cert2