Lucene search

Ubuntu.comUB:CVE-2006-6585

HistoryDec 15, 2006 - 12:00 a.m.

CVE-2006-6585

2006-12-1500:00:00

ubuntu.com

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

62.1%

JSON

The Extensions manager in Mozilla Firefox 2.0 does not properly populate
the list of local extensions, which allows attackers to construct an
extension that hides itself by finding its name in the list and then
calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it
was later reported that 3.0 is also affected.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1UNKNOWN
ubuntu6.10noarchfirefox< 2.0.0.6+0dfsg-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchfirefox< 2.0.0.6+1-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	firefox	< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1	UNKNOWN
ubuntu	6.10	noarch	firefox	< 2.0.0.6+0dfsg-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	firefox	< 2.0.0.6+1-0ubuntu1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2006-6585

nvd.nist.gov/vuln/detail/CVE-2006-6585

security-tracker.debian.org/tracker/CVE-2006-6585

www.cve.org/CVERecord?id=CVE-2006-6585

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

62.1%

JSON

Related for UB:CVE-2006-6585