Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy
for users to accept self-signed certificates for the auto-update mechanism,
which might allow remote user-assisted attackers to use DNS spoofing to
trick users into visiting a malicious site and accepting a malicious
certificate for the Mozilla update site, which can then be used to install
arbitrary code on the next update.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1 | UNKNOWN |
ubuntu | 6.06 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.6.06 | UNKNOWN |
ubuntu | 6.10 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.6.10 | UNKNOWN |
ubuntu | 7.04 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.7.04 | UNKNOWN |