Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23079

HistoryApr 10, 2020 - 12:15 a.m.

DNS Spoofing

2020-04-1000:15:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

Mozilla Firefox is vulnerable to DNS spoofing. A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim’s DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a victim to previously accept an unverifiable certificate.

CPENameOperatorVersion
firefoxeq1.5.0.5__0.el4.1
thunderbirdeq1.5.0.5__0.el4.2
thunderbirdeq1.5.0.5__0.el4.1
firefoxeq1.5.0.5__0.el4.1
thunderbirdeq1.5.0.5__0.el4.2
thunderbirdeq1.5.0.5__0.el4.1

References

secunia.com/advisories/21906

secunia.com/advisories/21916

secunia.com/advisories/21939

secunia.com/advisories/21949

secunia.com/advisories/21950

secunia.com/advisories/22001

secunia.com/advisories/22025

secunia.com/advisories/22055

secunia.com/advisories/22056

secunia.com/advisories/22066

secunia.com/advisories/22074

secunia.com/advisories/22088

secunia.com/advisories/22195

secunia.com/advisories/22210

secunia.com/advisories/22274

secunia.com/advisories/22422

security.gentoo.org/glsa/glsa-200609-19.xml

security.gentoo.org/glsa/glsa-200610-01.xml

securitytracker.com/id?1016850

securitytracker.com/id?1016851

support.avaya.com/elmodocs2/security/ASA-2006-224.htm

www.mandriva.com/security/advisories?name=MDKSA-2006:168

www.mandriva.com/security/advisories?name=MDKSA-2006:169

www.mozilla.org/security/announce/2006/mfsa2006-58.html

www.novell.com/linux/security/advisories/2006_54_mozilla.html

www.redhat.com/security/updates/classification/#critical

www.redhat.com/support/errata/RHSA-2006-0675.html

www.redhat.com/support/errata/RHSA-2006-0677.html

www.securityfocus.com/archive/1/446140/100/0/threaded

www.securityfocus.com/bid/20042

www.ubuntu.com/usn/usn-350-1

www.ubuntu.com/usn/usn-351-1

www.ubuntu.com/usn/usn-352-1

www.ubuntu.com/usn/usn-354-1

www.vupen.com/english/advisories/2006/3617

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2008/0083

www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

access.redhat.com/errata/RHSA-2006:0675

exchange.xforce.ibmcloud.com/vulnerabilities/28950

issues.rpath.com/browse/RPL-640

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10488

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

Related for VERACODE:23079

cve1 debiancve1 mozilla1 securityvulns1 ubuntucve1 nessus21 openvas9 ubuntu3 gentoo2 redhat2 oraclelinux2 centos2 freebsd1 suse1 cert2