Lucene search

K
mozillaMozilla FoundationMFSA2006-24
HistoryApr 13, 2006 - 12:00 a.m.

Privilege escalation using crypto.generateCRMFRequest — Mozilla

2006-04-1300:00:00
Mozilla Foundation
www.mozilla.org
7

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.261

Percentile

96.8%

shutdown demonstrated that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user, which could enable an attacker to install malware.

Affected configurations

Vulners
Node
mozillafirefoxRange<1.0.8
OR
mozillafirefoxRange<1.5.0.2
OR
mozillamozilla_suiteRange<1.7.13
OR
mozillaseamonkeyRange<1.0.1
OR
mozillathunderbirdRange<1.0.8
OR
mozillathunderbirdRange<1.5.0.2

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.261

Percentile

96.8%