ID CVE-2006-4567
Type cve
Reporter NVD
Modified 2017-10-10T21:31:13


Mozilla Firefox before and Thunderbird before makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.