Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-361-1
HistoryOct 10, 2006 - 12:00 a.m.

Mozilla vulnerabilities

2006-10-1000:00:00
ubuntu.com
44

6.5 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Releases

  • Ubuntu 5.10
  • Ubuntu 5.04

Details

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806,
CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565,
CVE-2006-4568, CVE-2006-4571)

A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user’s privileges. (CVE-2006-3808)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)

Georgi Guninski discovered that even with JavaScript disabled, a
malicous email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570)

OSVersionArchitecturePackageVersionFilename
Ubuntu5.10noarchmozilla-psm< 2:1.7.13-0ubuntu5.10.2UNKNOWN
Ubuntu5.10noarchmozilla-mailnews< 2:1.7.13-0ubuntu5.10.2UNKNOWN
Ubuntu5.10noarchlibnspr4< 2:1.7.13-0ubuntu5.10.2UNKNOWN
Ubuntu5.10noarchmozilla-browser< 2:1.7.13-0ubuntu5.10.2UNKNOWN
Ubuntu5.10noarchlibnss3< 2:1.7.13-0ubuntu5.10.2UNKNOWN
Ubuntu5.04noarchmozilla-psm< 2:1.7.13-0ubuntu05.04.2UNKNOWN
Ubuntu5.04noarchmozilla-mailnews< 2:1.7.13-0ubuntu05.04.2UNKNOWN
Ubuntu5.04noarchlibnspr4< 2:1.7.13-0ubuntu05.04.2UNKNOWN
Ubuntu5.04noarchmozilla-browser< 2:1.7.13-0ubuntu05.04.2UNKNOWN
Ubuntu5.04noarchlibnss3< 2:1.7.13-0ubuntu05.04.2UNKNOWN

Related

openvas 40
nessus 57
osv 6
debian 9
oraclelinux 5
redhat 8
centos 9
gentoo 6
ubuntu 5
suse 2
freebsd 2
mozilla 8
cert 6
securityvulns 1
debiancve 9
cve 10
ubuntucve 10
veracode 4
checkpoint_advisories 1
prion 1
openvas
openvas
Ubuntu: Security Advisory (USN-361-1)
2022-08-26 00:00:00
Debian Security Advisory DSA 1161-2 (mozilla-firefox)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1161-1)
2008-01-17 00:00:00
nessus
nessus
Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-361-1)
2007-11-10 00:00:00
Debian DSA-1161-2 : mozilla-firefox - several vulnerabilities
2006-10-14 00:00:00
Debian DSA-1191-1 : mozilla-thunderbird - several vulnerabilities
2006-10-14 00:00:00
osv
osv
mozilla-firefox - several vulnerabilities
2006-08-29 00:00:00
mozilla
2006-10-06 00:00:00
mozilla-thunderbird
2006-10-05 00:00:00
debian
debian
[SECURITY] [DSA 1161-1] New Mozilla Firefox packages fix several vulnerabilities
2006-08-29 17:17:51
[SECURITY] [DSA 1161-2] New Mozilla Firefox packages fix several vulnerabilities
2006-09-13 11:03:17
[SECURITY] [DSA 1192-1] New Mozilla packages fix several vulnerabilities
2006-10-06 12:11:15
oraclelinux
oraclelinux
Critical seamonkey security update
2006-12-07 00:00:00
Critical thunderbird security update
2006-12-07 00:00:00
Critical firefox security update
2006-12-07 00:00:00
redhat
redhat
(RHSA-2006:0676) seamonkey security update
2006-09-15 00:00:00
(RHSA-2006:0677) thunderbird security update
2006-09-15 00:00:00
(RHSA-2006:0675) firefox security update
2006-09-15 00:00:00
centos
centos
seamonkey security update
2006-09-17 23:20:54
devhelp, seamonkey security update
2006-09-15 14:57:11
thunderbird security update
2006-09-15 14:57:35
gentoo
gentoo
Seamonkey: Multiple vulnerabilities
2006-10-16 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-10-04 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2006-08-03 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2006-09-22 00:00:00
Thunderbird vulnerabilities
2006-09-25 00:00:00
firefox vulnerabilities
2006-07-28 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2006-09-22 13:02:47
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2006-08-16 15:11:18
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-09-14 00:00:00
mozilla -- multiple vulnerabilities
2006-07-25 00:00:00
mozilla
mozilla
JavaScript engine vulnerabilities — Mozilla
2006-07-25 00:00:00
JavaScript execution in mail via XBL — Mozilla
2006-09-14 00:00:00
Crashes with evidence of memory corruption (rv:1.8.0.7) — Mozilla
2006-09-14 00:00:00
cert
cert
OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow
2006-09-28 00:00:00
OpenSSL SSLv2 client code fails to properly check for NULL
2006-09-28 00:00:00
Mozilla contains multiple memory corruption vulnerabilities
2006-07-27 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-208A -- Mozilla Products Contain Multiple Vulnerabilities
2006-07-28 00:00:00
debiancve
debiancve
CVE-2006-4570
2006-09-15 19:07:00
CVE-2006-4571
2006-09-15 19:07:00
CVE-2006-3806
2006-07-27 19:04:00
cve
cve
CVE-2006-4570
2006-09-15 19:07:00
CVE-2006-4571
2006-09-15 19:07:00
CVE-2006-3809
2006-07-27 20:04:00
ubuntucve
ubuntucve
CVE-2006-4570
2006-09-15 00:00:00
CVE-2006-4571
2006-09-15 00:00:00
CVE-2006-3808
2006-07-27 00:00:00
veracode
veracode
Restriction Bypass
2020-04-10 00:13:13
Remote Code Execution (RCE)
2020-04-10 00:13:14
Spoofable SSL Certificate
2020-04-10 00:13:11
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Javascript Engine Code Execution - Ver2 (CVE-2006-3806)
2014-12-28 00:00:00
prion
prion
Double free
2006-06-02 21:06:00

6.5 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for USN-361-1
openvas40nessus57osv6debian9oraclelinux5redhat8centos9gentoo6ubuntu5suse2freebsd2mozilla8cert6securityvulns1debiancve9cve10ubuntucve10veracode4checkpoint_advisories1prion1