Vulnerabilities > CVE-2006-5748 - Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
mozilla
nessus

Summary

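Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. Note that the CVSS 5.0 score shown above counts only the partial availability impact (the crash), whereas the Nessus plugins whose code is listed below, which cover this CVE together with related ones, use the CVSS2 vector AV:N/AC:L/Au:N/C:P/I:P/A:P, reflecting the possible code execution.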

Nessus

  • NASL familyWindows
    NASL idSEAMONKEY_106.NASL
    descriptionThe installed version of SeaMonkey contains various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id23634
    published2006-11-08
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23634
    titleSeaMonkey < 1.0.6 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    include("compat.inc");
    
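    if (description)
    {
      # Registration pass: when `description` is set the script only declares
      # its metadata and exits; the version check itself runs after this block.
      script_id(23634);
      script_version("1.16");

      # CVE-2006-5462 is listed with the others: MFSA 2006-66, cited in see_also
      # below, is the RSA signature-forgery advisory tracked under that id, and
      # leaving it out breaks CVE-based correlation of this finding.
      script_cve_id("CVE-2006-5462", "CVE-2006-5463", "CVE-2006-5464", "CVE-2006-5747", "CVE-2006-5748");
      script_bugtraq_id(20957);

      script_name(english:"SeaMonkey < 1.0.6 Multiple Vulnerabilities");
      script_summary(english:"Checks version of SeaMonkey");

      script_set_attribute(attribute:"synopsis", value:
    "A web browser on the remote host is prone to multiple flaws." );
      script_set_attribute(attribute:"description", value:
    "The installed version of SeaMonkey contains various security issues,
    some of which may lead to execution of arbitrary code on the affected
    host subject to the user's privileges." );

      # Vendor advisories that the 1.0.6 release addresses.
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-65/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-66/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-67/" );
      script_set_attribute(attribute:"solution", value:
    "Upgrade to SeaMonkey 1.0.6 or later." );

      # The base vector rates the whole set of issues (partial C/I/A over the
      # network, no authentication), not the availability-only impact of one CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: exploitability unproven, official fix, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"plugin_publication_date", value: "2006/11/08");
      script_set_attribute(attribute:"vuln_publication_date", value: "2006/11/07");
      script_cvs_date("Date: 2018/07/27 18:38:15");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");

      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");

      script_dependencies("mozilla_org_installed.nasl");
      # NOTE(review): the check after this block reads "SMB/SeaMonkey/*" rather
      # than this key; presumably mozilla_org_installed.nasl sets both - confirm.
      script_require_keys("SeaMonkey/Version");
      exit(0);
    }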
    
    include("mozilla_version.inc");
    # SMB transport port recorded in the knowledge base, defaulting to 445.
    # NOTE(review): `port` is not referenced again in this listing; presumably
    # mozilla_check_version() from mozilla_version.inc reads it - confirm
    # before treating it as dead code.
    port = get_kb_item("SMB/transport");
    if (!port)
    {
      port = 445;
    }

    # Every SeaMonkey install recorded in the knowledge base; stop with a
    # "not installed" audit result when there is none.
    # NOTE(review): audit() and AUDIT_NOT_INST are presumably provided through
    # one of the included .inc files; no audit.inc include is visible here.
    installs = get_kb_list("SMB/SeaMonkey/*");
    if (isnull(installs))
    {
      audit(AUDIT_NOT_INST, "SeaMonkey");
    }

    # Hand the installs to the shared Mozilla helper with 1.0.6 as the fixed
    # release; findings are reported at SECURITY_HOLE severity.
    mozilla_check_version(
      installs:installs,
      product:'seamonkey',
      fix:'1.0.6',
      severity:SECURITY_HOLE
    );
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1225.NASL
    descriptionThis update covers packages for the little endian MIPS architecture missing in the original advisory. For reference please find below the original advisory text : Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-4310 Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service. - CVE-2006-5462 Ulrich Kuhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. - CVE-2006-5463
    last seen2020-06-01
    modified2020-06-02
    plugin id23767
    published2006-12-04
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23767
    titleDebian DSA-1225-2 : mozilla-firefox - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1225. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: declare the plugin's metadata, then exit before any
      # package check runs.
      script_id(23767);
      script_version("1.24");
      script_cvs_date("Date: 2019/08/02 13:32:20");

      # Cross-references; the CVE list matches the ids named in the advisory
      # text quoted in the description attribute.
      script_cve_id("CVE-2006-4310", "CVE-2006-5462", "CVE-2006-5463", "CVE-2006-5464", "CVE-2006-5748");
      script_bugtraq_id(19678, 20957);
      script_xref(name:"CERT", value:"335392");
      script_xref(name:"CERT", value:"390480");
      script_xref(name:"CERT", value:"495288");
      script_xref(name:"CERT", value:"714496");
      script_xref(name:"DSA", value:"1225");

      script_name(english:"Debian DSA-1225-2 : mozilla-firefox - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(attribute:"synopsis", value:"The remote Debian host is missing a security-related update.");
      # Advisory text as extracted from DSA-1225 (see the file header).
      script_set_attribute(attribute:"description", value:
    "This update covers packages for the little endian MIPS architecture
    missing in the original advisory. For reference please find below the
    original advisory text :
    
      Several security related problems have been discovered in Mozilla
      and derived products such as Mozilla Firefox. The Common
      Vulnerabilities and Exposures project identifies the following
      vulnerabilities :
    
        - CVE-2006-4310
          Tomas Kempinsky discovered that malformed FTP server
          responses could lead to denial of service.
    
        - CVE-2006-5462
          Ulrich Kuhn discovered that the correction for a
          cryptographic flaw in the handling of PKCS-1
          certificates was incomplete, which allows the forgery
          of certificates.
    
        - CVE-2006-5463
          'shutdown' discovered that modification of JavaScript
          objects during execution could lead to the execution
          of arbitrary JavaScript bytecode.
    
        - CVE-2006-5464
          Jesse Ruderman and Martijn Wargers discovered several
          crashes in the layout engine, which might also allow
          execution of arbitrary code.
    
        - CVE-2006-5748
          Igor Bukanov and Jesse Ruderman discovered several
          crashes in the JavaScript engine, which might allow
          execution of arbitrary code.
    
      This update also addresses several crashes, which could be triggered
      by malicious websites and fixes a regression introduced in the
      previous Mozilla update.");

      # One Debian security-tracker link per CVE, then the advisory itself.
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-4310");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-5462");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-5463");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-5464");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2006-5748");
      script_set_attribute(attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1225");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the mozilla-firefox package.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 1.0.4-2sarge13.");

      # Base vector: network-reachable, low complexity, no authentication,
      # partial C/I/A. Temporal vector: proof-of-concept exploit code exists,
      # official fix available, report confirmed.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20);

      # A local check: it evaluates the package list collected from the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

      script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/04");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/22");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");

      # Depends on ssh_get_info.nasl and on these knowledge-base keys: local
      # checks enabled, the Debian release, and the dpkg -l package list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: each missing knowledge-base key ends the run with the
    # matching audit result instead of producing a finding.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/Debian/release"))
    {
      audit(AUDIT_OS_NOT, "Debian");
    }
    if (!get_kb_item("Host/Debian/dpkg-l"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Count how many of the three Debian 3.1 packages deb_check() flags against
    # the fixed version 1.0.4-2sarge13. deb_check() comes from
    # debian_package.inc and is not shown here; presumably it returns true when
    # the installed package is older than `reference`.
    flag = 0;
    if (deb_check(release:"3.1", prefix:"mozilla-firefox", reference:"1.0.4-2sarge13"))
    {
      flag++;
    }
    if (deb_check(release:"3.1", prefix:"mozilla-firefox-dom-inspector", reference:"1.0.4-2sarge13"))
    {
      flag++;
    }
    if (deb_check(release:"3.1", prefix:"mozilla-firefox-gnome-support", reference:"1.0.4-2sarge13"))
    {
      flag++;
    }

    if (!flag)
    {
      # Nothing flagged: record the host as not affected.
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # At least one package flagged: report on port 0, attaching the package
      # report only when verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:deb_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-2251.NASL
    descriptionThis update brings MozillaFirefox to the security update release 1.5.0.8, including the following security fixes. Full details can be found on: http://www.mozilla.org/projects/security/known-vulnerabilities.html MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla browsers: CVE-2006-5464: Layout engine flaws were fixed. CVE-2006-5747: A xml.prototype.hasOwnProperty flaw was fixed. CVE-2006-5748: Fixes were applied to the JavaScript engine. MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital signatures with a low exponent (typically 3) could be forged. Firefox and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were incompletely patched and remained vulnerable to a variant of this attack. MFSA2006-67/CVE-2006-5463: shutdown demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode.
    last seen2020-06-01
    modified2020-06-02
    plugin id27116
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27116
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2251)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1227.NASL
    descriptionSeveral security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-4310 Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service. - CVE-2006-5462 Ulrich Kuhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. - CVE-2006-5463
    last seen2020-06-01
    modified2020-06-02
    plugin id23768
    published2006-12-04
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23768
    titleDebian DSA-1227-1 : mozilla-thunderbird - several vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200612-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200612-08 (SeaMonkey: Multiple vulnerabilities) The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution. Impact : An attacker could entice a user to load malicious JavaScript or a malicious web page with a SeaMonkey application and execute arbitrary code with the rights of the user running those products. It is important to note that in the SeaMonkey email client, JavaScript is disabled by default. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id23860
    published2006-12-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23860
    titleGLSA-200612-08 : SeaMonkey: Multiple vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1508.NASL
    descriptionThe installed version of Firefox is affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id23633
    published2006-11-08
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23633
    titleFirefox < 1.5.0.8 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-381-1.NASL
    descriptionUSN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27964
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27964
    titleUbuntu 5.10 / 6.06 LTS : firefox vulnerabilities (USN-381-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-205.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.8. This update provides the latest Firefox to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24590
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24590
    titleMandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:205)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-2258.NASL
    descriptionThis update brings MozillaFirefox to the security update release 1.5.0.8, including the following security fixes. Full details can be found on: http://www.mozilla.org/projects/security/known-vulnerabilities.html - Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla browsers: CVE-2006-5464: Layout engine flaws were fixed. CVE-2006-5747: A xml.prototype.hasOwnProperty flaw was fixed. CVE-2006-5748: Fixes were applied to the JavaScript engine. (MFSA 2006-65) - reported that RSA digital signatures with a low exponent (typically 3) could be forged. Firefox and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were incompletely patched and remained vulnerable to a variant of this attack. (MFSA 2006-66 / CVE-2006-5462: MFSA 2006-60) - shutdown demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode. (MFSA 2006-67 / CVE-2006-5463)
    last seen2020-06-01
    modified2020-06-02
    plugin id29357
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29357
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 2258)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0735.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id23682
    published2006-11-20
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/23682
    titleRHEL 4 : thunderbird (RHSA-2006:0735)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0735.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36615
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36615
    titleCentOS 4 : thunderbird (CESA-2006:0735)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0733.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id23680
    published2006-11-20
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/23680
    titleRHEL 4 : firefox (RHSA-2006:0733)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-1194.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24046
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24046
    titleFedora Core 5 : thunderbird-1.5.0.8-1.fc5 (2006-1194)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1224.NASL
    descriptionSeveral security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-4310 Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service. - CVE-2006-5462 Ulrich Kuhn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. - CVE-2006-5463
    last seen2020-06-01
    modified2020-06-02
    plugin id23766
    published2006-12-04
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23766
    titleDebian DSA-1224-1 : mozilla - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-1191.NASL
    descriptionMozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24044
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24044
    titleFedora Core 6 : devhelp-0.12-8.fc6 / epiphany-2.16.0-5.fc6 / firefox-1.5.0.8-1.fc6 / etc (2006-1191)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200612-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200612-06 (Mozilla Thunderbird: Multiple vulnerabilities) It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in Mozilla Thunderbird by default. Mozilla Thunderbird has also been found to be vulnerable to various potential buffer overflows. Lastly, the binary release of Mozilla Thunderbird is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Impact : An attacker could entice a user to view a specially crafted email that causes a buffer overflow and again executes arbitrary code or causes a Denial of Service. An attacker could also entice a user to view an email containing specially crafted JavaScript and execute arbitrary code with the rights of the user running Mozilla Thunderbird. It is important to note that JavaScript is off by default in Mozilla Thunderbird, and enabling it is strongly discouraged. It is also possible for an attacker to create SSL/TLS or email certificates that would not be detected as invalid by the binary release of Mozilla Thunderbird, raising the possibility for Man-in-the-Middle attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id23858
    published2006-12-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23858
    titleGLSA-200612-06 : Mozilla Thunderbird: Multiple vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0733.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37577
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37577
    titleCentOS 4 : firefox (CESA-2006:0733)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0734.NASL
    descriptionUpdated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Users of SeaMonkey are advised to upgrade to these erratum packages, which contains SeaMonkey version 1.0.6 that corrects these issues. From Red Hat Security Advisory 2006:0734 : Several flaws were found in the way SeaMonkey processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-5464) A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) From Red Hat Security Advisory 2006:0676 : Two flaws were found in the way SeaMonkey processed certain regular expressions. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-4565, CVE-2006-4566) A flaw was found in the handling of Javascript timed events. 
A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-4253) Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. (CVE-2006-4340) SeaMonkey did not properly prevent a frame in one domain from injecting content into a sub-frame that belongs to another domain, which facilitates website spoofing and other attacks. (CVE-2006-4568) A flaw was found in SeaMonkey Messenger triggered when an HTML message contained a remote image pointing to an XBL script. An attacker could have created a carefully crafted message which would execute Javascript if certain actions were performed on the email by the recipient, even if Javascript was disabled. (CVE-2006-4570) A number of flaws were found in SeaMonkey. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-4571)
    last seen2020-06-01
    modified2020-06-02
    plugin id67423
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67423
    titleOracle Linux 4 : seamonkey (ELSA-2006-0734 / ELSA-2006-0676)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0735.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues. From Red Hat Security Advisory 2006:0735 : Several flaws were found in the way Thunderbird processes certain malformed Javascript code. A malicious HTML mail message could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7; however, Ulrich Kuehn discovered the fix was incomplete. (CVE-2006-5462) From Red Hat Security Advisory 2006:0677 : Two flaws were found in the way Thunderbird processed certain regular expressions. A malicious HTML email could cause a crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4565, CVE-2006-4566) A flaw was found in the Thunderbird auto-update verification system. An attacker who has the ability to spoof a victim […] (description truncated in this listing)
    last seen2020-06-01
    modified2020-06-02
    plugin id67424
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67424
    titleOracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-206.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.8. This update provides the latest Thunderbird to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24591
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24591
    titleMandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:206)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLATHUNDERBIRD-2252.NASL
    descriptionThis security update brings Mozilla Thunderbird to version 1.5.0.8. More details can be found on this page: http://www.mozilla.org/projects/security/known-vulnerabilities.html It includes fixes to the following security problems : MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla browsers: CVE-2006-5464: Layout engine flaws were fixed. CVE-2006-5747: An xml.prototype.hasOwnProperty flaw was fixed. CVE-2006-5748: Fixes were applied to the JavaScript engine. MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital signatures with a low exponent (typically 3) could be forged. Firefox and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were incompletely patched and remained vulnerable to a variant of this attack. MFSA2006-67/CVE-2006-5463: A reporter credited as "shutdown" demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode.
    last seen2020-06-01
    modified2020-06-02
    plugin id27127
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27127
    titleopenSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2252)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200612-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200612-07 (Mozilla Firefox: Multiple vulnerabilities) Mozilla Firefox improperly handles Script objects while they are being executed. Mozilla Firefox has also been found to be vulnerable to various possible buffer overflows. Lastly, the binary release of Mozilla Firefox is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Impact : An attacker could entice a user to view specially crafted JavaScript and execute arbitrary code with the rights of the user running Mozilla Firefox. An attacker could also entice a user to view a specially crafted web page that causes a buffer overflow and again executes arbitrary code. It is also possible for an attacker to make up SSL/TLS certificates that would not be detected as invalid by the binary release of Mozilla Firefox, raising the possibility for Man-in-the-Middle attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id23859
    published2006-12-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23859
    titleGLSA-200612-07 : Mozilla Firefox: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0734.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-5464) A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5; however, Ulrich Kuehn discovered the fix was incomplete. (CVE-2006-5462) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.6 that corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id23681
    published2006-11-20
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/23681
    titleRHEL 2.1 / 3 / 4 : seamonkey (RHSA-2006:0734)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1508.NASL
    descriptionThe remote version of Mozilla Thunderbird suffers from various security issues, at least one of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id23635
    published2006-11-08
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23635
    titleMozilla Thunderbird < 1.5.0.8 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-1192.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24045
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24045
    titleFedora Core 6 : thunderbird-1.5.0.8-1.fc6 (2006-1192)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0733.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues. From Red Hat Security Advisory 2006:0733 : Several flaws were found in the way Firefox processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Firefox 1.5.0.7; however, Ulrich Kuehn discovered the fix was incomplete. (CVE-2006-5462) From Red Hat Security Advisory 2006:0675 : Two flaws were found in the way Firefox processed certain regular expressions. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4565, CVE-2006-4566) A number of flaws were found in Firefox. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4571) A flaw was found in the handling of Javascript timed events. 
A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4253) Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. (CVE-2006-4340) A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim […] (description truncated in this listing)
    last seen2020-06-01
    modified2020-06-02
    plugin id67422
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67422
    titleOracle Linux 4 : firefox (ELSA-2006-0733 / ELSA-2006-0675 / ELSA-2006-0610)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-1199.NASL
    descriptionMozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) Users of Firefox are advised to upgrade to this update, which contains Firefox version 1.5.0.8 that corrects these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24047
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24047
    titleFedora Core 5 : firefox-1.5.0.8-1.fc5 (2006-1199)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-2250.NASL
    descriptionThis security update brings Mozilla SeaMonkey to version 1.0.6. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems: MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla browsers: CVE-2006-5464: Layout engine flaws were fixed. CVE-2006-5747: An xml.prototype.hasOwnProperty flaw was fixed. CVE-2006-5748: Fixes were applied to the JavaScript engine. MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital signatures with a low exponent (typically 3) could be forged. Firefox and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were incompletely patched and remained vulnerable to a variant of this attack. MFSA2006-67/CVE-2006-5463: A reporter credited as "shutdown" demonstrated that it was possible to modify a Script object while it was executing, potentially leading to the execution of arbitrary JavaScript bytecode.
    last seen2020-06-01
    modified2020-06-02
    plugin id27437
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27437
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-2250)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-382-1.NASL
    descriptionUSN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27965
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27965
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-382-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0734.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processes certain malformed JavaScript code. A malicious web page could cause the execution of JavaScript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-5464) A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5; however, Ulrich Kuehn discovered the fix was incomplete. (CVE-2006-5462) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.6 that corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36309
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36309
    titleCentOS 3 / 4 : seamonkey (CESA-2006:0734)

Oval

accepted2013-04-29T04:13:51.881-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
familyunix
idoval:org.mitre.oval:def:11408
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
version26

Redhat

advisories
  • bugzilla
    id214445
    titleCVE-2006-5462 Multiple firefox vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentfirefox is earlier than 0:1.5.0.8-0.1.el4
        ovaloval:com.redhat.rhsa:tst:20060733001
      • commentfirefox is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060200002
    rhsa
    idRHSA-2006:0733
    released2006-11-08
    severityCritical
    titleRHSA-2006:0733: firefox security update (Critical)
  • bugzilla
    id214447
    titleCVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentseamonkey-mail is earlier than 0:1.0.6-0.1.el4
            ovaloval:com.redhat.rhsa:tst:20060734001
          • commentseamonkey-mail is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609012
        • AND
          • commentseamonkey-js-debugger is earlier than 0:1.0.6-0.1.el4
            ovaloval:com.redhat.rhsa:tst:20060734003
          • commentseamonkey-js-debugger is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609002
        • AND
          • commentseamonkey-devel is earlier than 0:1.0.6-0.1.el4
            ovaloval:com.redhat.rhsa:tst:20060734005
          • commentseamonkey-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609010
        • AND
          • commentseamonkey-chat is earlier than 0:1.0.6-0.1.el4
            ovaloval:com.redhat.rhsa:tst:20060734007
          • commentseamonkey-chat is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609004
        • AND
          • commentseamonkey is earlier than 0:1.0.6-0.1.el4
            ovaloval:com.redhat.rhsa:tst:20060734009
          • commentseamonkey is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609006
        • AND
          • commentseamonkey-dom-inspector is earlier than 0:1.0.6-0.1.el4
            ovaloval:com.redhat.rhsa:tst:20060734011
          • commentseamonkey-dom-inspector is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609008
        • AND
          • commentdevhelp-devel is earlier than 0:0.10-0.5.el4
            ovaloval:com.redhat.rhsa:tst:20060734013
          • commentdevhelp-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060329002
        • AND
          • commentdevhelp is earlier than 0:0.10-0.5.el4
            ovaloval:com.redhat.rhsa:tst:20060734015
          • commentdevhelp is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060329004
    rhsa
    idRHSA-2006:0734
    released2006-11-08
    severityCritical
    titleRHSA-2006:0734: seamonkey security update (Critical)
  • bugzilla
    id214450
    titleCVE-2006-5462 Multiple thunderbird vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentthunderbird is earlier than 0:1.5.0.8-0.1.el4
        ovaloval:com.redhat.rhsa:tst:20060735001
      • commentthunderbird is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060330002
    rhsa
    idRHSA-2006:0735
    released2006-11-08
    severityCritical
    titleRHSA-2006:0735: thunderbird security update (Critical)
rpms
  • firefox-0:1.5.0.8-0.1.el4
  • firefox-debuginfo-0:1.5.0.8-0.1.el4
  • devhelp-0:0.10-0.5.el4
  • devhelp-debuginfo-0:0.10-0.5.el4
  • devhelp-devel-0:0.10-0.5.el4
  • seamonkey-0:1.0.6-0.1.el2
  • seamonkey-0:1.0.6-0.1.el3
  • seamonkey-0:1.0.6-0.1.el4
  • seamonkey-chat-0:1.0.6-0.1.el2
  • seamonkey-chat-0:1.0.6-0.1.el3
  • seamonkey-chat-0:1.0.6-0.1.el4
  • seamonkey-debuginfo-0:1.0.6-0.1.el3
  • seamonkey-debuginfo-0:1.0.6-0.1.el4
  • seamonkey-devel-0:1.0.6-0.1.el2
  • seamonkey-devel-0:1.0.6-0.1.el3
  • seamonkey-devel-0:1.0.6-0.1.el4
  • seamonkey-dom-inspector-0:1.0.6-0.1.el2
  • seamonkey-dom-inspector-0:1.0.6-0.1.el3
  • seamonkey-dom-inspector-0:1.0.6-0.1.el4
  • seamonkey-js-debugger-0:1.0.6-0.1.el2
  • seamonkey-js-debugger-0:1.0.6-0.1.el3
  • seamonkey-js-debugger-0:1.0.6-0.1.el4
  • seamonkey-mail-0:1.0.6-0.1.el2
  • seamonkey-mail-0:1.0.6-0.1.el3
  • seamonkey-mail-0:1.0.6-0.1.el4
  • seamonkey-nspr-0:1.0.6-0.1.el2
  • seamonkey-nspr-0:1.0.6-0.1.el3
  • seamonkey-nspr-devel-0:1.0.6-0.1.el2
  • seamonkey-nspr-devel-0:1.0.6-0.1.el3
  • seamonkey-nss-0:1.0.6-0.1.el2
  • seamonkey-nss-0:1.0.6-0.1.el3
  • seamonkey-nss-devel-0:1.0.6-0.1.el2
  • seamonkey-nss-devel-0:1.0.6-0.1.el3
  • thunderbird-0:1.5.0.8-0.1.el4
  • thunderbird-debuginfo-0:1.5.0.8-0.1.el4

References