CVE-2006-4567

2006-09-15T14:07:00
ID CVE-2006-4567
Type cve
Reporter NVD
Modified 2017-10-10T21:31:13

Description

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.