New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis updates fixes several security problems in the Mozilla Firefox 1.5 browser and brings it up to 18.104.22.168 bugfix level. The full list is at:
MFSA 2006-38/CVE-2006-2778: The crypto.signText function in Mozilla Firefox allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. MFSA 2006-39/CVE-2006-1942: Mozilla Firefox allows user-complicit remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a ,wma file to launch Windows Media Player, or by referencing an 'alternate web page.' MFSA-2006-41/CVE-2006-2782:
Firefox does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. MFSA 2006-42/CVE-2006-2783: Mozilla Firefox strips the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT. MFSA 2006-43/CVE-2006-2777:
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
SolutionUpdate the affected MozillaFirefox packages.