CVE-2006-1728HIGH
Description
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
References
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19631
http://secunia.com/advisories/19649
http://secunia.com/advisories/19696
http://secunia.com/advisories/19714
http://secunia.com/advisories/19721
http://secunia.com/advisories/19729
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19780
http://secunia.com/advisories/19794
http://secunia.com/advisories/19811
http://secunia.com/advisories/19821
http://secunia.com/advisories/19823
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/19950
http://secunia.com/advisories/20051
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://securitytracker.com/id?1015922
http://securitytracker.com/id?1015923
http://securitytracker.com/id?1015924
http://securitytracker.com/id?1015925
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.debian.org/security/2006/dsa-1044
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
http://www.kb.cert.org/vuls/id/932734
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.redhat.com/support/errata/RHSA-2006-0328.html
http://www.redhat.com/support/errata/RHSA-2006-0329.html
http://www.redhat.com/support/errata/RHSA-2006-0330.html
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/17516
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
http://www.vupen.com/english/advisories/2006/1356
http://www.vupen.com/english/advisories/2006/3391
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2007/0058
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/25812
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1698
Details
Source: MITRE
Published: 2006-04-14
Updated: 2018-10-18
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 29744 | Firefox < 1.0.8 Multiple Vulnerabilities | Nessus | Windows | high |
| 24403 | Solaris 9 (sparc) : 120671-08 | Nessus | Solaris Local Security Checks | critical |
| 24395 | Solaris 8 (sparc) : 120671-08 | Nessus | Solaris Local Security Checks | critical |
| 23773 | Solaris 9 (x86) : 120672-08 | Nessus | Solaris Local Security Checks | critical |
| 23772 | Solaris 8 (x86) : 120672-08 | Nessus | Solaris Local Security Checks | critical |
| 22987 | Solaris 10 (x86) : 119116-35 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 22954 | Solaris 10 (sparc) : 119115-36 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 22593 | Debian DSA-1051-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 22588 | Debian DSA-1046-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 22586 | Debian DSA-1044-1 : mozilla-firefox - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 21994 | CentOS 4 : thunderbird (CESA-2006:0330) | Nessus | CentOS Local Security Checks | critical |
| 21993 | CentOS 4 : firefox (CESA-2006:0328) | Nessus | CentOS Local Security Checks | critical |
| 21898 | CentOS 3 / 4 : mozilla (CESA-2006:0329) | Nessus | CentOS Local Security Checks | critical |
| 21461 | FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9) | Nessus | FreeBSD Local Security Checks | critical |
| 21351 | GLSA-200605-09 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 21321 | Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1) | Nessus | Ubuntu Local Security Checks | critical |
| 21315 | GLSA-200604-18 : Mozilla Suite: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 21301 | Ubuntu 4.10 / 5.04 / 5.10 : mozilla vulnerabilities (USN-275-1) | Nessus | Ubuntu Local Security Checks | critical |
| 21288 | RHEL 4 : thunderbird (RHSA-2006:0330) | Nessus | Red Hat Local Security Checks | critical |
| 21284 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078) | Nessus | Mandriva Local Security Checks | critical |
| 21282 | Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075) | Nessus | Mandriva Local Security Checks | critical |
| 21277 | GLSA-200604-12 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 21270 | Ubuntu 4.10 / 5.04 / 5.10 : mozilla-firefox, firefox vulnerabilities (USN-271-1) | Nessus | Ubuntu Local Security Checks | critical |
| 21257 | RHEL 2.1 / 3 / 4 : mozilla (RHSA-2006:0329) | Nessus | Red Hat Local Security Checks | critical |
| 21251 | Fedora Core 5 : firefox-1.5.0.2-1.1.fc5 (2006-411) | Nessus | Fedora Local Security Checks | critical |
| 21250 | Fedora Core 4 : firefox-1.0.8-1.1.fc4 (2006-410) | Nessus | Fedora Local Security Checks | critical |
| 21232 | RHEL 4 : firefox (RHSA-2006:0328) | Nessus | Red Hat Local Security Checks | critical |
| 21226 | SeaMonkey < 1.0.1 Multiple Vulnerabilities | Nessus | Windows | high |
| 21225 | Firefox < 1.5.0.2 Multiple Vulnerabilities | Nessus | Windows | high |
| 3516 | SeaMonkey < 1.0.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3514 | Mozilla Firefox < 1.7.13 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3513 | Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
| 3512 | Mozilla Firefox < 1.0.8 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 801357 | Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 801226 | Mozilla Browser < 1.7.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801220 | Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |