18700

18704

22065

1015570

VU#759273

http://www.mozilla.org/security/announce/2006/mfsa2006-04.html

SSRT061236

16476

TA06-038A

ADV-2006-0413

ADV-2006-3749

https://bugzilla.mozilla.org/show_bug.cgi?id=319296

mozilla-queryinterface-memory-corruption(24433)

oval:org.mitre.oval:def:1562

Mozilla 1.7 for Solaris 8 and 9.
Date this patch was last updated by Sun : Aug/29/08

Mozilla 1.7_x86 for Solaris 8 and 9.
Date this patch was last updated by Sun : Sep/02/08

Mozilla 1.7_x86 patch.
Date this patch was last updated by Sun : Aug/05/09

This plugin has been deprecated and either replaced with individual 119116 patch-revision plugins, or deemed non-security related.

Mozilla 1.7 patch.
Date this patch was last updated by Sun : Sep/13/14

This plugin has been deprecated and either replaced with individual 119115 patch-revision plugins, or deemed non-security related.

The remote Windows host is using SeaMonkey, an alternative web browser and application suite. 

The installed version of SeaMonkey contains various security issues, some of which can be exploited to execute arbitrary code on the affected host subject to the user's privileges.

The remote Windows host is using Firefox, an alternative web browser. 

The installed version of Firefox contains various security issues, some of which can be exploited to execute arbitrary code on the affected host subject to the user's privileges.

Versions of Mozilla Firefox prior to 1.5.0.1 are reported to be prone to a cross-domain scripting flaw.  An attacker exploiting this flaw would need to be able to convince a user to browse to a malicious URI.  Successful exploitation would result in the attacker executing malicious script code within the Firefox browser.  In addition, the remote browser is vulnerable to a memory corruption and authentication bypass flaw.  An attacker exploiting these flaws would be able to execute arbitrary code on the remote browser or gain access to critical functions.

The remote host is running a vulnerable version of Mozilla Thunderbird mail client. This version of Thunderbird is vulnerable to a Man-in-the-middle (MITM) or sniffing vulnerability where an attacker can determine user credentials even when encryption is enabled.  To exploit this flaw, an attacker would need access to the local network. In addition, the client is vulnerable to a flaw where attackers can spoof attachment types.  An attacker exploiting this flaw would craft a malicious email and entice a user to open a seemingly innocuous attachment.

The remote host is using SeaMonkey. The installed version of SeaMonkey contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.  The version of SeaMonkey is vulnerable to multiple denial of service attacks, overflows, information disclosure, privilege escalation, and other issues.  An attacker exploiting these flaws would need to be able to convince a user to browse to a malicious URI.

Versions of Mozilla Firefox prior to 1.7.13 are affected by various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host. Additionally, these versions are affected by multiple denial of service attacks, overflows, information disclosure, privilege escalation, and other issues.  An attacker exploiting these flaws would need to be able to convince a Mozilla user to browse to a malicious URI.

The remote host is running a vulnerable version of Mozilla Thunderbird mail client. This version of Thunderbird is vulnerable to multiple denial of service attacks, overflows, information disclosure, privilege escalation, and other issues.  An attacker exploiting these flaws would need to be able to convince a user to open or read a malicious email.  Successful exploitation would give the attacker the ability to execute arbitrary code with the permissions of the user running Thunderbird.

Versions of Mozilla Firefox prior to 1.5.0.2 or 1.0.8 are affected by various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.  The version of Firefox is vulnerable to multiple denial of service attacks, overflows, information disclosure, privilege escalation, and other issues.  An attacker  exploiting these flaws would need to be able to convince a Firefox user to browse to a malicious URI.

The remote host is running an older version of the Firefox browser.  The installed version of Firefox is reported to be prone to a cross-domain scripting flaw.  An attacker exploiting this flaw would need to be able to convince a user to browse to a malicious URI.  Successful exploitation would result in the attacker executing malicious script code within the Firefox browser.  In addition, the remote browser is vulnerable to a memory corruption and authentication bypass flaw.  An attacker exploiting these flaws would be able to execute arbitrary code on the remote browser or gain access to critical functions.

The remote host is using Mozilla. The installed version of Mozilla contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.  The version of Mozilla is vulnerable to multiple denial of service attacks, overflows, information disclosure, privilege escalation, and other issues.  An attacker exploiting these flaws would need to be able to convince a Mozilla user to browse to a malicious URI.

The remote host is using Firefox. The installed version of Firefox contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.  The version of Firefox is vulnerable to multiple denial of service attacks, overflows, information disclosure, privilege escalation, and other issues.  An attacker  exploiting these flaws would need to be able to convince a Firefox user to browse to a malicious URI.

ID	Name	Product	Family	Severity
24403	Solaris 9 (sparc) : 120671-08	Nessus	Solaris Local Security Checks	critical
24395	Solaris 8 (sparc) : 120671-08	Nessus	Solaris Local Security Checks	critical
23773	Solaris 9 (x86) : 120672-08	Nessus	Solaris Local Security Checks	critical
23772	Solaris 8 (x86) : 120672-08	Nessus	Solaris Local Security Checks	critical
22987	Solaris 10 (x86) : 119116-35 (deprecated)	Nessus	Solaris Local Security Checks	critical
22954	Solaris 10 (sparc) : 119115-36 (deprecated)	Nessus	Solaris Local Security Checks	critical
20863	SeaMonkey < 1.0 Multiple Vulnerabilities	Nessus	Windows	high
20842	Firefox < 1.5.0.1 Multiple Vulnerabilities	Nessus	Windows	high
3405	Mozilla Firefox < 1.5.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3258	Mozilla Thunderbird < 1.5 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	SMTP Clients	medium
3516	SeaMonkey < 1.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3514	Mozilla Firefox < 1.7.13 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3513	Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	SMTP Clients	medium
3512	Mozilla Firefox < 1.0.8 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
801357	Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801290	Mozilla Thunderbird < 1.5 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801243	Mozilla Firefox < 1.5.0.1 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801226	Mozilla Browser < 1.7.13 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801220	Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high

CVE-2006-0295

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins