CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |

AI Score Confidence: High
EPSS Percentile: 100.0%

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806,
CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565,
CVE-2006-4568, CVE-2006-4571)

A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user's privileges. (CVE-2006-3808)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures when the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without needing the secret key. (CVE-2006-4340)
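
The kind of padding check at issue in CVE-2006-4340, as an added example (not NSS code and not part of the advisory): it works on the encoded block a verifier obtains after the RSA public-key operation and contrasts a parser that ignores bytes after the digest with a check that rebuilds the full encoding. The advisory does not detail the flaw, so the "ignores trailing bytes" form is an assumption, as are SHA-256, the 256-byte block size, the sample message and all function names.

```python
import hashlib
import hmac

# ASN.1 DigestInfo header for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def expected_em(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo, exactly k bytes."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t

def lenient_check(em: bytes, message: bytes) -> bool:
    """Flawed pattern: parses left to right and never looks past the digest."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return em[i + 1 : i + 1 + len(t)] == t  # padding length and trailing bytes unchecked

def strict_check(em: bytes, message: bytes) -> bool:
    """Hardened pattern: rebuild the only valid encoding and compare the whole block."""
    return hmac.compare_digest(em, expected_em(message, len(em)))

def demo() -> dict:
    k = 256  # constructed: block size of a 2048-bit modulus
    msg = b"constructed sample message"
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    good = expected_em(msg, k)
    # Constructed malformed block: one FF byte of padding, filler after the digest
    bad = b"\x00\x01\xff\x00" + t + b"\xaa" * (k - 4 - len(t))
    return {
        "good": (lenient_check(good, msg), strict_check(good, msg)),
        "bad": (lenient_check(bad, msg), strict_check(bad, msg)),
    }

if __name__ == "__main__":
    print(demo())
```

Comparing against the single expected encoding leaves no unchecked bytes, which is why it holds regardless of the public exponent.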

Georgi Guninski discovered that even with JavaScript disabled, a
malicious email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 5.10 | noarch | mozilla-psm | < 2:1.7.13-0ubuntu5.10.2 | UNKNOWN |
Ubuntu | 5.10 | noarch | mozilla-mailnews | < 2:1.7.13-0ubuntu5.10.2 | UNKNOWN |
Ubuntu | 5.10 | noarch | libnspr4 | < 2:1.7.13-0ubuntu5.10.2 | UNKNOWN |
Ubuntu | 5.10 | noarch | mozilla-browser | < 2:1.7.13-0ubuntu5.10.2 | UNKNOWN |
Ubuntu | 5.10 | noarch | libnss3 | < 2:1.7.13-0ubuntu5.10.2 | UNKNOWN |
Ubuntu | 5.04 | noarch | mozilla-psm | < 2:1.7.13-0ubuntu05.04.2 | UNKNOWN |
Ubuntu | 5.04 | noarch | mozilla-mailnews | < 2:1.7.13-0ubuntu05.04.2 | UNKNOWN |
Ubuntu | 5.04 | noarch | libnspr4 | < 2:1.7.13-0ubuntu05.04.2 | UNKNOWN |
Ubuntu | 5.04 | noarch | mozilla-browser | < 2:1.7.13-0ubuntu05.04.2 | UNKNOWN |
Ubuntu | 5.04 | noarch | libnss3 | < 2:1.7.13-0ubuntu05.04.2 | UNKNOWN |
ubuntu.com/security/CVE-2006-2788
ubuntu.com/security/CVE-2006-3805
ubuntu.com/security/CVE-2006-3806
ubuntu.com/security/CVE-2006-3807
ubuntu.com/security/CVE-2006-3808
ubuntu.com/security/CVE-2006-3809
ubuntu.com/security/CVE-2006-3811
ubuntu.com/security/CVE-2006-4340
ubuntu.com/security/CVE-2006-4565
ubuntu.com/security/CVE-2006-4568
ubuntu.com/security/CVE-2006-4570
ubuntu.com/security/CVE-2006-4571