Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-428-2
HistoryMar 02, 2007 - 12:00 a.m.

Firefox regression

2007-03-0200:00:00
ubuntu.com
33

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Releases

  • Ubuntu 6.06

Details

USN-428-1 fixed vulnerabilities in Firefox 1.5. However, changes to
library paths caused applications depending on libnss3 to fail to start
up. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Several flaws have been found that could be used to perform Cross-site
scripting attacks. A malicious web site could exploit these to modify
the contents or steal confidential data (such as passwords) from other
opened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with a SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user’s privileges. (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
certificate. A remote attacker could exploit this to execute arbitrary
code in a server application that uses the NSS library.
(CVE-2007-0009)

Various flaws have been reported that could allow an attacker to
execute arbitrary code with user privileges by tricking the user into
opening a malicious web page. (CVE-2007-0775, CVE-2007-0776,
CVE-2007-0777, CVE-2007-1092)

Two web pages could collide in the disk cache with the result that
depending on order loaded the end of the longer document could be
appended to the shorter when the shorter one was reloaded from the
cache. It is possible a determined hacker could construct a targeted
attack to steal some sensitive data from a particular web page. The
potential victim would have to be already logged into the targeted
service (or be fooled into doing so) and then visit the malicious
site. (CVE-2007-0778)

David Eckel reported that browser UI elements–such as the host name
and security indicators–could be spoofed by using custom cursor
images and a specially crafted style sheet. (CVE-2007-0779)

OSVersionArchitecturePackageVersionFilename
Ubuntu6.06noarchlibnspr4< 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2UNKNOWN
Ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2UNKNOWN
Ubuntu6.06noarchlibnss3< 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2UNKNOWN

Related

openvas 40
ubuntu 2
nessus 42
freebsd 1
suse 2
centos 5
redhat 5
oraclelinux 3
gentoo 4
osv 1
debian 1
securityvulns 12
mozilla 7
fedora 4
ubuntucve 13
veracode 12
cve 14
checkpoint_advisories 6
prion 13
seebug 3
cert 7
exploitpack 1
jvn 1
openvas
openvas
Ubuntu: Security Advisory (USN-428-2)
2009-03-23 00:00:00
Mandriva Update for mozilla-firefox MDKSA-2007:050 (mozilla-firefox)
2009-04-09 00:00:00
Mandriva Update for mozilla-firefox MDKSA-2007:050 (mozilla-firefox)
2009-04-09 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-03-01 00:00:00
Thunderbird vulnerabilities
2007-03-07 00:00:00
nessus
nessus
openSUSE 10 Security Update : seamonkey (seamonkey-2811)
2007-10-17 00:00:00
Ubuntu 6.06 LTS : firefox regression (USN-428-2)
2007-11-10 00:00:00
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2699)
2007-10-17 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2007-02-23 00:00:00
suse
suse
remote code execution in mozilla,MozillaThunderbird,seamonkey
2007-03-20 12:18:53
remote code execution in MozillaFirefox,seamonkey
2007-03-06 19:04:00
centos
centos
thunderbird security update
2007-03-04 11:06:21
firefox security update
2007-02-24 13:53:25
seamonkey security update
2007-03-16 07:21:16
redhat
redhat
(RHSA-2007:0078) Critical: thunderbird security update
2007-03-02 00:00:00
(RHSA-2007:0077) Critical: seamonkey security update
2007-02-23 00:00:00
(RHSA-2007:0079) Critical: Firefox security update
2007-02-23 00:00:00
oraclelinux
oraclelinux
Critical: Firefox security update
2007-02-24 00:00:00
Critical: thunderbird security update
2007-03-02 00:00:00
Critical: seamonkey security update
2007-02-24 00:00:00
gentoo
gentoo
SeaMonkey: Multiple vulnerabilities
2007-03-09 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2007-03-02 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2007-03-18 00:00:00
osv
osv
mozilla-firefox
2007-07-22 00:00:00
debian
debian
[SECURITY] [DSA 1336-1] New mozilla-firefox packages fix several vulnerabilities
2007-07-22 17:43:28
securityvulns
securityvulns
Multiple Mozilla Firefox / Thunderbird / Seamonkey vulnerabilities
2007-03-06 00:00:00
Mozilla Foundation Security Advisory 2007-01
2007-02-27 00:00:00
Mozilla Foundation Security Advisory 2007-02
2007-02-27 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2) — Mozilla
2007-02-23 00:00:00
Improvements to help protect against Cross-Site Scripting attacks — Mozilla
2007-02-23 00:00:00
Mozilla Network Security Services (NSS) SSLv2 buffer overflows — Mozilla
2007-02-23 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: nspr-4.6.5-0.5.0.fc5
2007-02-26 22:03:17
[SECURITY] Fedora Core 6 Update: nss-3.11.5-0.6.0.fc6
2007-02-26 22:03:36
[SECURITY] Fedora Core 6 Update: nspr-4.6.5-0.6.0.fc6
2007-02-26 22:03:32
ubuntucve
ubuntucve
CVE-2006-6077
2006-11-24 00:00:00
CVE-2007-0779
2007-02-26 00:00:00
CVE-2007-0009
2007-02-26 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:12:48
Clickjacking
2020-04-10 00:12:51
Arbitrary Code Execution
2020-04-10 00:12:49
cve
cve
CVE-2006-6077
2006-11-24 17:07:00
CVE-2007-0009
2007-02-26 20:28:00
CVE-2007-0996
2007-02-27 02:28:00
checkpoint_advisories
checkpoint_advisories
Mozilla Network Security Services SSLv2 client integer underflow (CVE-2007-0008)
2010-02-16 00:00:00
Mozilla Network Security Services SSLv2 Server Stack Overflow (CVE-2007-0009)
2010-02-16 00:00:00
Mozilla Browsers JavaScript Argument Passing Code Execution - Ver2 (CVE-2007-0777)
2014-12-28 00:00:00
prion
prion
Code injection
2007-02-26 20:28:00
Cross site scripting
2007-02-27 02:28:00
Heap overflow
2007-02-26 20:28:00
seebug
seebug
Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability
2014-07-01 00:00:00
Mozilla Firefox &lt;= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability
2007-02-20 00:00:00
Mozilla Firefox &lt;= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability
2007-02-22 00:00:00
cert
cert
Mozilla browsers "location.hostname" cross-domain vulnerability
2007-02-15 00:00:00
Mozilla Network Security Services (NSS) fails to properly handle the client master key
2007-03-07 00:00:00
Mozilla Network Security Services (NSS) fails to properly process malformed SSLv2 server messages
2007-03-07 00:00:00
exploitpack
exploitpack
Mozilla Firefox 2.0.0.1 - location.hostname Cross-Domain
2007-02-20 00:00:00
jvn
jvn
JVN#38605899 Mozilla Firefox cross-site scripting vulnerability
2007-06-01 00:00:00

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for USN-428-2
openvas40ubuntu2nessus42freebsd1suse2centos5redhat5oraclelinux3gentoo4osv1debian1securityvulns12mozilla7fedora4ubuntucve13veracode12cve14checkpoint_advisories6prion13seebug3cert7exploitpack1jvn1