Lucene search
Mozilla FoundationMFSA2006-58HistorySep 14, 2006 - 12:00 a.m.
Auto-update compromise through DNS and SSL spoofing — Mozilla
2006-09-1400:00:00
Mozilla Foundation
www.mozilla.org
12
0.025 Low
EPSS
Percentile
90.1%
The Firefox and Thunderbird auto-update mechanism protects itself against DNS spoofing using SSL; only a site presenting a valid certificate for aus2.mozilla.org will be trusted as a source of update information. Jon Oberheide points out, however, that many users accept unverifiable self-signed certificates without much thought on “low value” sites, and this could be used as the basis of an attack on the update system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 1.5.0.7 | |
| thunderbird | lt | 1.5.0.7 |
Related
cve
cve
CVE-2006-4567
2006-09-15 18:07:00
debiancve
debiancve
CVE-2006-4567
2006-09-15 18:07:00
cvelist
cvelist
CVE-2006-4567
2006-09-15 18:00:00
ubuntucve
ubuntucve
CVE-2006-4567
2006-09-15 00:00:00
veracode
veracode
DNS Spoofing
2020-04-10 00:15:10
securityvulns
securityvulns
Microsoft ClickOnce MITM Vulnerabilities
2010-07-19 00:00:00
nessus
nessus
Fedora Core 5 : thunderbird-1.5.0.7-1.fc5 (2006-977)
2007-01-17 00:00:00
CentOS 4 : thunderbird (CESA-2006:0677)
2006-09-22 00:00:00
Fedora Core 5 : firefox-1.5.0.7-1.fc5 (2006-976)
2007-01-17 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-352-1)
2022-08-26 00:00:00
Gentoo Security Advisory GLSA 200610-01 (thunderbird)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200610-01 (thunderbird)
2008-09-24 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2006-10-04 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2006-09-28 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2006-09-25 00:00:00
firefox vulnerabilities
2006-09-23 00:00:00
Thunderbird vulnerabilities
2006-09-22 00:00:00
centos
centos
thunderbird security update
2006-09-15 14:57:35
firefox security update
2006-09-15 14:57:18
redhat
redhat
(RHSA-2006:0677) thunderbird security update
2006-09-15 00:00:00
(RHSA-2006:0675) firefox security update
2006-09-15 00:00:00
oraclelinux
oraclelinux
Critical thunderbird security update
2006-12-07 00:00:00
Critical firefox security update
2006-12-07 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2006-09-22 13:02:47
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-09-14 00:00:00
cert
cert
OpenSSL SSLv2 client code fails to properly check for NULL
2006-09-28 00:00:00
OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow
2006-09-28 00:00:00