CVE-2006-4567Firefox vulnerability

12 documents7 sources
Severity
2.6LOWNVD
EPSS
1.0%
top 23.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla ThunderbirdDebian FirefoxDebian Thunderbird+1 more
Timeline
PublishedSep 15
Latest updateMay 1

Description

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages5 packages

Debianmozilla/thunderbird< 1.5.0.7-1+3
NVDmozilla/firefox1.5.0.6
NVDmozilla/thunderbird1.5.0.6
debiandebian/firefox< firefox 1.5.dfsg+1.5.0.7-1 (sid)
debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.7-1 (sid)

Patches

Patch: secunia.comPatch: secunia.comPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-g5fp-x2h2-86wp: Mozilla Firefox before 12022-05-01
OSV
CVE-2006-4567: Mozilla Firefox before 12006-09-15

📋Vendor Advisories

5
Ubuntu
Thunderbird vulnerabilities2006-09-25
Ubuntu
firefox vulnerabilities2006-09-23
Ubuntu
Thunderbird vulnerabilities2006-09-22
Red Hat
security flaw2006-09-15
Debian
CVE-2006-4567: firefox - Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for ...2006

💬Community

4
Bugzilla
CVE-2006-4567 security flaw2018-08-16
Bugzilla
CVE-2006-4340 Various SeaMonkey security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571)2006-09-14
Bugzilla
CVE-2006-4340 Various Firefox security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568 CVE-2006-4569 CVE-2006-4571)2006-09-14
Bugzilla
CVE-2006-4340 Various Thunderbird security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4570 CVE-2006-4571)2006-09-14