CVE-2006-5748 - Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
Vulnerable Configurations
Nessus
NASL family: Windows
NASL id: SEAMONKEY_106.NASL
description: The installed version of SeaMonkey contains various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23634
published: 2006-11-08
reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23634
title: SeaMonkey < 1.0.6 Multiple Vulnerabilities
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(23634);
      script_version("1.16");

      script_cve_id("CVE-2006-5463", "CVE-2006-5464", "CVE-2006-5747", "CVE-2006-5748");
      script_bugtraq_id(20957);

      script_name(english:"SeaMonkey < 1.0.6 Multiple Vulnerabilities");
      script_summary(english:"Checks version of SeaMonkey");

      script_set_attribute(attribute:"synopsis", value:
        "A web browser on the remote host is prone to multiple flaws." );
      script_set_attribute(attribute:"description", value:
        "The installed version of SeaMonkey contains various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges." );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-65/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-66/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-67/" );
      script_set_attribute(attribute:"solution", value:
        "Upgrade to SeaMonkey 1.0.6 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"plugin_publication_date", value: "2006/11/08");
      script_set_attribute(attribute:"vuln_publication_date", value: "2006/11/07");
      script_cvs_date("Date: 2018/07/27 18:38:15");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("SeaMonkey/Version");
      exit(0);
    }

    include("mozilla_version.inc");

    port = get_kb_item("SMB/transport");
    if (!port) port = 445;

    installs = get_kb_list("SMB/SeaMonkey/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");

    mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.0.6', severity:SECURITY_HOLE);

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1225.NASL
description: This update covers packages for the little endian MIPS architecture missing in the original advisory. For reference please find below the original advisory text : Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :
  - CVE-2006-4310 Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service.
  - CVE-2006-5462 Ulrich Kuhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates.
  - CVE-2006-5463
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23767
published: 2006-12-04
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23767
title: Debian DSA-1225-2 : mozilla-firefox - several vulnerabilities
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-1225. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(23767);
      script_version("1.24");
      script_cvs_date("Date: 2019/08/02 13:32:20");

      script_cve_id("CVE-2006-4310", "CVE-2006-5462", "CVE-2006-5463", "CVE-2006-5464", "CVE-2006-5748");
      script_bugtraq_id(19678, 20957);
      script_xref(name:"CERT", value:"335392");
      script_xref(name:"CERT", value:"390480");
      script_xref(name:"CERT", value:"495288");
      script_xref(name:"CERT", value:"714496");
      script_xref(name:"DSA", value:"1225");

      script_name(english:"Debian DSA-1225-2 : mozilla-firefox - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update covers packages for the little endian MIPS architecture missing in the original advisory. For reference please find below the original advisory text :
    Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :
      - CVE-2006-4310 Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service.
      - CVE-2006-5462 Ulrich Kuhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates.
      - CVE-2006-5463 'shutdown' discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode.
      - CVE-2006-5464 Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code.
      - CVE-2006-5748 Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
    This update also addresses several crashes, which could be triggered by malicious websites and fixes a regression introduced in the previous Mozilla update."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4310"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5462"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5464"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-5748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1225"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the mozilla-firefox package. For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge13."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

      script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/04");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/22");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"3.1", prefix:"mozilla-firefox", reference:"1.0.4-2sarge13")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-firefox-dom-inspector", reference:"1.0.4-2sarge13")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-firefox-gnome-support", reference:"1.0.4-2sarge13")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: SuSE Local Security Checks
NASL id: SUSE_MOZILLAFIREFOX-2251.NASL
description: This update brings MozillaFirefox to the security update release 1.5.0.8, including the following security fixes. Full details can be found on: http://www.mozilla.org/projects/security/known-vulnerabilities.html
  MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla browsers: CVE-2006-5464: Layout engine flaws were fixed. CVE-2006-5747: A xml.prototype.hasOwnProperty flaw was fixed. CVE-2006-5748: Fixes were applied to the JavaScript engine.
  MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital signatures with a low exponent (typically 3) could be forged. Firefox and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were incompletely patched and remained vulnerable to a variant of this attack.
  MFSA2006-67/CVE-2006-5463: shutdown demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 27116
published: 2007-10-17
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/27116
title: openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2251)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1227.NASL
description: Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :
  - CVE-2006-4310 Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service.
  - CVE-2006-5462 Ulrich Kuhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates.
  - CVE-2006-5463
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23768
published: 2006-12-04
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23768
title: Debian DSA-1227-1 : mozilla-thunderbird - several vulnerabilities

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200612-08.NASL
description: The remote host is affected by the vulnerability described in GLSA-200612-08 (SeaMonkey: Multiple vulnerabilities) The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution.
  Impact : An attacker could entice a user to load malicious JavaScript or a malicious web page with a SeaMonkey application and execute arbitrary code with the rights of the user running those products. It is important to note that in the SeaMonkey email client, JavaScript is disabled by default.
  Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23860
published: 2006-12-14
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23860
title: GLSA-200612-08 : SeaMonkey: Multiple vulnerabilities

NASL family: Windows
NASL id: MOZILLA_FIREFOX_1508.NASL
description: The installed version of Firefox is affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23633
published: 2006-11-08
reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23633
title: Firefox < 1.5.0.8 Multiple Vulnerabilities

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-381-1.NASL
description: USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover.
  (CVE-2006-5462)
  Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748).
  Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 27964
published: 2007-11-10
reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/27964
title: Ubuntu 5.10 / 6.06 LTS : firefox vulnerabilities (USN-381-1)

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2006-205.NASL
description: A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.8. This update provides the latest Firefox to correct these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24590
published: 2007-02-18
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24590
title: Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:205)

NASL family: SuSE Local Security Checks
NASL id: SUSE_MOZILLAFIREFOX-2258.NASL
description: This update brings MozillaFirefox to the security update release 1.5.0.8, including the following security fixes. Full details can be found on: http://www.mozilla.org/projects/security/known-vulnerabilities.html
  - Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla browsers: CVE-2006-5464: Layout engine flaws were fixed. CVE-2006-5747: A xml.prototype.hasOwnProperty flaw was fixed. CVE-2006-5748: Fixes were applied to the JavaScript engine.
    (MFSA 2006-65)
  - reported that RSA digital signatures with a low exponent (typically 3) could be forged. Firefox and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were incompletely patched and remained vulnerable to a variant of this attack. (MFSA 2006-66 / CVE-2006-5462: MFSA 2006-60)
  - shutdown demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode. (MFSA 2006-67 / CVE-2006-5463)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 29357
published: 2007-12-13
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/29357
title: SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 2258)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2006-0735.NASL
description: Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client.
  Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)
  Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464)
  A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library.
  Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)
  Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23682
published: 2006-11-20
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/23682
title: RHEL 4 : thunderbird (RHSA-2006:0735)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2006-0735.NASL
description: Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client.
  Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)
  Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464)
  A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3.
  An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)
  Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36615
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/36615
title: CentOS 4 : thunderbird (CESA-2006:0735)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2006-0733.NASL
description: Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser.
  Several flaws were found in the way Firefox processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)
  Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464)
  A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim.
  This flaw was previously thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)
  Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23680
published: 2006-11-20
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/23680
title: RHEL 4 : firefox (RHSA-2006:0733)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2006-1194.NASL
description: Mozilla Thunderbird is a standalone mail and newsgroup client.
  Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)
  Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464)
  Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues.
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24046
published: 2007-01-17
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24046
title: Fedora Core 5 : thunderbird-1.5.0.8-1.fc5 (2006-1194)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1224.NASL
description: Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :
  - CVE-2006-4310 Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service.
  - CVE-2006-5462 Ulrich Kuhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates.
  - CVE-2006-5463
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23766
published: 2006-12-04
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23766
title: Debian DSA-1224-1 : mozilla - several vulnerabilities

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2006-1191.NASL
description: Mozilla Firefox is an open source Web browser.
  Several flaws were found in the way Firefox processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)
  Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464)
  Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues.
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24044
published: 2007-01-17
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24044
title: Fedora Core 6 : devhelp-0.12-8.fc6 / epiphany-2.16.0-5.fc6 / firefox-1.5.0.8-1.fc6 / etc (2006-1191)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200612-06.NASL
description: The remote host is affected by the vulnerability described in GLSA-200612-06 (Mozilla Thunderbird: Multiple vulnerabilities) It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in Mozilla Thunderbird by default. Mozilla Thunderbird has also been found to be vulnerable to various potential buffer overflows. Lastly, the binary release of Mozilla Thunderbird is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS.
  Impact : An attacker could entice a user to view a specially crafted email that causes a buffer overflow and again executes arbitrary code or causes a Denial of Service. An attacker could also entice a user to view an email containing specially crafted JavaScript and execute arbitrary code with the rights of the user running Mozilla Thunderbird. It is important to note that JavaScript is off by default in Mozilla Thunderbird, and enabling it is strongly discouraged. It is also possible for an attacker to create SSL/TLS or email certificates that would not be detected as invalid by the binary release of Mozilla Thunderbird, raising the possibility for Man-in-the-Middle attacks.
  Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23858
published: 2006-12-14
reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23858
title: GLSA-200612-06 : Mozilla Thunderbird: Multiple vulnerabilities

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2006-0733.NASL
description: Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser.
  Several flaws were found in the way Firefox processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)
  Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464)
  A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)
  Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 37577
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/37577
title: CentOS 4 : firefox (CESA-2006:0733)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2006-0734.NASL
description: Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.6 that corrects these issues.
  From Red Hat Security Advisory 2006:0734 :
  Several flaws were found in the way SeaMonkey processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)
  Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-5464)
  A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)
  From Red Hat Security Advisory 2006:0676 :
  Two flaws were found in the way SeaMonkey processed certain regular expressions. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey.
  (CVE-2006-4565, CVE-2006-4566)
  A flaw was found in the handling of Javascript timed events. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-4253)
  Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. (CVE-2006-4340)
  SeaMonkey did not properly prevent a frame in one domain from injecting content into a sub-frame that belongs to another domain, which facilitates website spoofing and other attacks (CVE-2006-4568)
  A flaw was found in SeaMonkey Messenger triggered when a HTML message contained a remote image pointing to a XBL script. An attacker could have created a carefully crafted message which would execute Javascript if certain actions were performed on the email by the recipient, even if Javascript was disabled. (CVE-2006-4570)
  A number of flaws were found in SeaMonkey. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-4571)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67423
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/67423
title: Oracle Linux 4 : seamonkey (ELSA-2006-0734 / ELSA-2006-0676)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2006-0735.NASL
description: Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client. Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues.
From Red Hat Security Advisory 2006:0735 : Several flaws were found in the way Thunderbird processes certain malformed Javascript code. A malicious HTML mail message could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7; however, Ulrich Kuehn discovered the fix was incomplete. (CVE-2006-5462)
From Red Hat Security Advisory 2006:0677 : Two flaws were found in the way Thunderbird processed certain regular expressions. A malicious HTML email could cause a crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4565, CVE-2006-4566) A flaw was found in the Thunderbird auto-update verification system. An attacker who has the ability to spoof a victim
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 67424
published | 2013-07-12
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/67424
title | Oracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611)

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2006-206.NASL
description | A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.8. This update provides the latest Thunderbird to correct these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 24591
published | 2007-02-18
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/24591
title | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:206)

NASL family | SuSE Local Security Checks
NASL id | SUSE_MOZILLATHUNDERBIRD-2252.NASL
description | This security update brings Mozilla Thunderbird to version 1.5.0.8. More details can be found on this page: http://www.mozilla.org/projects/security/known-vulnerabilities.html It includes fixes to the following security problems:
- MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla browsers:
  - CVE-2006-5464: Layout engine flaws were fixed.
  - CVE-2006-5747: An xml.prototype.hasOwnProperty flaw was fixed.
  - CVE-2006-5748: Fixes were applied to the JavaScript engine.
- MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital signatures with a low exponent (typically 3) could be forged. Firefox and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were incompletely patched and remained vulnerable to a variant of this attack.
- MFSA2006-67/CVE-2006-5463: shutdown demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27127
published | 2007-10-17
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27127
title | openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2252)

NASL family | Gentoo Local Security Checks
NASL id | GENTOO_GLSA-200612-07.NASL
description | The remote host is affected by the vulnerability described in GLSA-200612-07 (Mozilla Firefox: Multiple vulnerabilities) Mozilla Firefox improperly handles Script objects while they are being executed. Mozilla Firefox has also been found to be vulnerable to various possible buffer overflows. Lastly, the binary release of Mozilla Firefox is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS.
Impact : An attacker could entice a user to view specially crafted JavaScript and execute arbitrary code with the rights of the user running Mozilla Firefox. An attacker could also entice a user to view a specially crafted web page that causes a buffer overflow and again executes arbitrary code. It is also possible for an attacker to make up SSL/TLS certificates that would not be detected as invalid by the binary release of Mozilla Firefox, raising the possibility for Man-in-the-Middle attacks.
Workaround : There is no known workaround at this time.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 23859
published | 2006-12-14
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/23859
title | GLSA-200612-07 : Mozilla Firefox: Multiple vulnerabilities

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2006-0734.NASL
description | Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
Several flaws were found in the way SeaMonkey processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-5464) A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5; however, Ulrich Kuehn discovered the fix was incomplete. (CVE-2006-5462) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.6 that corrects these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 23681
published | 2006-11-20
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/23681
title | RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2006:0734)

NASL family | Windows
NASL id | MOZILLA_THUNDERBIRD_1508.NASL
description | The remote version of Mozilla Thunderbird suffers from various security issues, at least one of which may lead to execution of arbitrary code on the affected host subject to the user
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 23635
published | 2006-11-08
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/23635
title | Mozilla Thunderbird < 1.5.0.8 Multiple Vulnerabilities

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2006-1192.NASL
description | Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 24045
published | 2007-01-17
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/24045
title | Fedora Core 6 : thunderbird-1.5.0.8-1.fc6 (2006-1192)

NASL family | Oracle Linux Local Security Checks
NASL id | ORACLELINUX_ELSA-2006-0733.NASL
description | Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues.
From Red Hat Security Advisory 2006:0733 : Several flaws were found in the way Firefox processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Firefox 1.5.0.7; however, Ulrich Kuehn discovered the fix was incomplete. (CVE-2006-5462)
From Red Hat Security Advisory 2006:0675 : Two flaws were found in the way Firefox processed certain regular expressions. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4565, CVE-2006-4566) A number of flaws were found in Firefox. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4571) A flaw was found in the handling of Javascript timed events. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4253) Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library.
Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. (CVE-2006-4340) A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 67422
published | 2013-07-12
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/67422
title | Oracle Linux 4 : firefox (ELSA-2006-0733 / ELSA-2006-0675 / ELSA-2006-0610)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2006-1199.NASL
description | Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) Users of Firefox are advised to upgrade to this update, which contains Firefox version 1.5.0.8 that corrects these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 24047
published | 2007-01-17
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/24047
title | Fedora Core 5 : firefox-1.5.0.8-1.fc5 (2006-1199)

NASL family | SuSE Local Security Checks
NASL id | SUSE_SEAMONKEY-2250.NASL
description | This security update brings Mozilla SeaMonkey to version 1.0.6. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems:
- MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla browsers:
  - CVE-2006-5464: Layout engine flaws were fixed.
  - CVE-2006-5747: An xml.prototype.hasOwnProperty flaw was fixed.
  - CVE-2006-5748: Fixes were applied to the JavaScript engine.
- MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital signatures with a low exponent (typically 3) could be forged. Firefox and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were incompletely patched and remained vulnerable to a variant of this attack.
- MFSA2006-67/CVE-2006-5463: shutdown demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27437
published | 2007-10-17
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27437
title | openSUSE 10 Security Update : seamonkey (seamonkey-2250)

NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-382-1.NASL
description | USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27965
published | 2007-11-10
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/27965
title | Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-382-1)

NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2006-0734.NASL
description | Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-5464) A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3.
An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5; however, Ulrich Kuehn discovered the fix was incomplete. (CVE-2006-5462) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.6 that corrects these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 36309
published | 2009-04-23
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/36309
title | CentOS 3 / 4 : seamonkey (CESA-2006:0734)

Oval
accepted | 2013-04-29T04:13:51.881-04:00
class | vulnerability
description | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
family | unix
id | oval:org.mitre.oval:def:11408
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
version | 26
References
- ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
- http://rhn.redhat.com/errata/RHSA-2006-0733.html
- http://rhn.redhat.com/errata/RHSA-2006-0734.html
- http://rhn.redhat.com/errata/RHSA-2006-0735.html
- http://secunia.com/advisories/22066
- http://secunia.com/advisories/22722
- http://secunia.com/advisories/22727
- http://secunia.com/advisories/22737
- http://secunia.com/advisories/22763
- http://secunia.com/advisories/22770
- http://secunia.com/advisories/22774
- http://secunia.com/advisories/22815
- http://secunia.com/advisories/22817
- http://secunia.com/advisories/22929
- http://secunia.com/advisories/22965
- http://secunia.com/advisories/22980
- http://secunia.com/advisories/23009
- http://secunia.com/advisories/23013
- http://secunia.com/advisories/23197
- http://secunia.com/advisories/23202
- http://secunia.com/advisories/23235
- http://secunia.com/advisories/23263
- http://secunia.com/advisories/23287
- http://secunia.com/advisories/23297
- http://secunia.com/advisories/24711
- http://secunia.com/advisories/27603
- http://security.gentoo.org/glsa/glsa-200612-06.xml
- http://security.gentoo.org/glsa/glsa-200612-07.xml
- http://security.gentoo.org/glsa/glsa-200612-08.xml
- http://securitytracker.com/id?1017177
- http://securitytracker.com/id?1017178
- http://securitytracker.com/id?1017179
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103139-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201335-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
- http://www.debian.org/security/2006/dsa-1224
- http://www.debian.org/security/2006/dsa-1225
- http://www.debian.org/security/2006/dsa-1227
- http://www.kb.cert.org/vuls/id/390480
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
- http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
- http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
- http://www.securityfocus.com/archive/1/451099/100/0/threaded
- http://www.securityfocus.com/bid/20957
- http://www.ubuntu.com/usn/usn-381-1
- http://www.ubuntu.com/usn/usn-382-1
- http://www.us-cert.gov/cas/techalerts/TA06-312A.html
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2006/4387
- http://www.vupen.com/english/advisories/2007/1198
- http://www.vupen.com/english/advisories/2007/3821
- http://www.vupen.com/english/advisories/2008/0083
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
- https://bugzilla.mozilla.org/show_bug.cgi?id=349527
- https://bugzilla.mozilla.org/show_bug.cgi?id=350238
- https://bugzilla.mozilla.org/show_bug.cgi?id=351116
- https://bugzilla.mozilla.org/show_bug.cgi?id=351973
- https://bugzilla.mozilla.org/show_bug.cgi?id=352271
- https://bugzilla.mozilla.org/show_bug.cgi?id=352606
- https://bugzilla.mozilla.org/show_bug.cgi?id=353165
- https://bugzilla.mozilla.org/show_bug.cgi?id=354145
- https://bugzilla.mozilla.org/show_bug.cgi?id=354151
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30096
- https://issues.rpath.com/browse/RPL-765
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11408