Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:12457
Version
3
Class
patch
ALTXid
135320
Language
English
Severity
NotAvailable
Title
DSA-1046-1 -- mozilla -- several vulnerabilities
Description
Several security related problems have been discovered in Mozilla.
Family
unix
Platform
Debian GNU/Linux 3.1
Product
mozilla
Reference
VENDOR: DSA-1046-1
Id:
DSA-1046-1
Reference:
https://www.debian.org/security/2006/dsa-1046
CVE: CVE-2005-2353
Id:
CVE-2005-2353
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2353
Comment:
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
19863 (SECUNIA)
19941 (SECUNIA)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
MDKSA-2005:173 (MANDRIVA)
MDKSA-2005:174 (MANDRIVA)
14443 (BID)
USN-157-1 (UBUNTU)
CVE: CVE-2005-4134
Id:
CVE-2005-4134
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
Comment:
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
20060201-01-U (SGI)
20051208 re: Firefox 1.5 buffer overflow (poc) (FULLDISC)
20051208 Re: re: Firefox 1.5 buffer overflow (poc) (FULLDISC)
17934 (SECUNIA)
17944 (SECUNIA)
17946 (SECUNIA)
18700 (SECUNIA)
18704 (SECUNIA)
18705 (SECUNIA)
18706 (SECUNIA)
18708 (SECUNIA)
18709 (SECUNIA)
19230 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
1015328 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
MDKSA-2006:036 (MANDRIVA)
MDKSA-2006:037 (MANDRIVA)
http://www.mozilla.org/security/announce/mfsa2006-03.html (CONFIRM)
http://www.mozilla.org/security/history-title.html (MISC)
http://www.networksecurity.fi/advisories/netscape-history.html (MISC)
21533 (OSVDB)
FEDORA-2006-075 (FEDORA)
FEDORA-2006-076 (FEDORA)
RHSA-2006:0199 (REDHAT)
RHSA-2006:0200 (REDHAT)
FLSA:180036-1 (FEDORA)
FLSA-2006:180036-2 (FEDORA)
HPSBUX02122 (HP)
15773 (BID)
16476 (BID)
ADV-2005-2805 (VUPEN)
ADV-2006-0413 (VUPEN)
ADV-2006-3391 (VUPEN)
oval:org.mitre.oval:def:11382 (OVAL)
oval:org.mitre.oval:def:1619 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
CVE: CVE-2006-0292
Id:
CVE-2006-0292
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
Comment:
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
20060201-01-U (SGI)
18700 (SECUNIA)
18703 (SECUNIA)
18704 (SECUNIA)
18705 (SECUNIA)
18706 (SECUNIA)
18708 (SECUNIA)
18709 (SECUNIA)
19230 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
1015570 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:036 (MANDRIVA)
MDKSA-2006:037 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-01.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-075 (FEDORA)
FEDORA-2006-076 (FEDORA)
RHSA-2006:0199 (REDHAT)
RHSA-2006:0200 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:180036-1 (FEDORA)
FLSA-2006:180036-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
16476 (BID)
ADV-2006-0413 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3749 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=316885 (CONFIRM)
mozilla-javascript-memory-corruption(24430) (XF)
oval:org.mitre.oval:def:10016 (OVAL)
oval:org.mitre.oval:def:670 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-0293
Id:
CVE-2006-0293
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0293
Comment:
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
18700 (SECUNIA)
18704 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
1015570 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-18 (GENTOO)
http://www.mozilla.org/security/announce/2006/mfsa2006-01.html (CONFIRM)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
16476 (BID)
ADV-2006-0413 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3749 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=322045 (CONFIRM)
mozilla-javascript-memory-corruption(24430) (XF)
firefox-function-allocation-code-execution(42654) (XF)
oval:org.mitre.oval:def:1494 (OVAL)
CVE: CVE-2006-0296
Id:
CVE-2006-0296
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
Comment:
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
20060201-01-U (SGI)
18700 (SECUNIA)
18703 (SECUNIA)
18704 (SECUNIA)
18705 (SECUNIA)
18706 (SECUNIA)
18708 (SECUNIA)
18709 (SECUNIA)
19230 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
1015570 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#592425 (CERT-VN)
MDKSA-2006:036 (MANDRIVA)
MDKSA-2006:037 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-05.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-075 (FEDORA)
FEDORA-2006-076 (FEDORA)
RHSA-2006:0199 (REDHAT)
RHSA-2006:0200 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:180036-1 (FEDORA)
FLSA-2006:180036-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
16476 (BID)
TA06-038A (CERT)
ADV-2006-0413 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3749 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=319847 (CONFIRM)
mozilla-xuldocument-command-execution(24434) (XF)
oval:org.mitre.oval:def:11803 (OVAL)
oval:org.mitre.oval:def:1493 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-0748
Id:
CVE-2006-0748
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748
Comment:
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
19759 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-27.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
20060426 ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability (BUGTRAQ)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
http://www.zerodayinitiative.com/advisories/ZDI-06-011/ (MISC)
mozilla-table-rebuilding-code-execution(25985) (XF)
oval:org.mitre.oval:def:11164 (OVAL)
oval:org.mitre.oval:def:1189 (OVAL)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-0749
Id:
CVE-2006-0749
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
Comment:
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
729 (SREASON)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#736934 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-18.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
20060417 ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability (BUGTRAQ)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
http://www.zerodayinitiative.com/advisories/ZDI-06-009.html (MISC)
mozilla-nshtmlcontentsink-memory-corruption(25819) (XF)
oval:org.mitre.oval:def:11704 (OVAL)
oval:org.mitre.oval:def:1848 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-0884
Id:
CVE-2006-0884
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0884
Comment:
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
20 (Improper Input Validation)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19721 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
1015665 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:052 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-21.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
23653 (OSVDB)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
20060222 Mozilla Thunderbird : Remote Code Execution & Denial of Service (BUGTRAQ)
FLSA:189137-1 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
16770 (BID)
ADV-2006-3749 (VUPEN)
mozilla-inline-fwd-code-execution(25983) (XF)
oval:org.mitre.oval:def:10782 (OVAL)
oval:org.mitre.oval:def:2024 (OVAL)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1045
Id:
CVE-2006-1045
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1045
Comment:
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE:
CWE-Other ()
References:
19821 (SECUNIA)
19823 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
22065 (SECUNIA)
514 (SREASON)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-26.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
RHSA-2006:0330 (REDHAT)
20060228 Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities (BUGTRAQ)
HPSBUX02156 (HP)
16881 (BID)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3749 (VUPEN)
thunderbird-inline-information-disclosure(24959) (XF)
oval:org.mitre.oval:def:10254 (OVAL)
oval:org.mitre.oval:def:1975 (OVAL)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1529
Id:
CVE-2006-1529
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1529
Comment:
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
19631 (SECUNIA)
19649 (SECUNIA)
19863 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
1015919 (SECTRACK)
1015920 (SECTRACK)
1015921 (SECTRACK)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
VU#350262 (CERT-VN)
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html (CONFIRM)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=315254 (MISC)
oval:org.mitre.oval:def:1947 (OVAL)
CVE: CVE-2006-1530
Id:
CVE-2006-1530
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1530
Comment:
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
19631 (SECUNIA)
19649 (SECUNIA)
19863 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
1015919 (SECTRACK)
1015920 (SECTRACK)
1015921 (SECTRACK)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
VU#350262 (CERT-VN)
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html (CONFIRM)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=326615 (MISC)
oval:org.mitre.oval:def:1903 (OVAL)
CVE: CVE-2006-1531
Id:
CVE-2006-1531
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1531
Comment:
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
19631 (SECUNIA)
19649 (SECUNIA)
19863 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
1015919 (SECTRACK)
1015920 (SECTRACK)
1015921 (SECTRACK)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
VU#350262 (CERT-VN)
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html (CONFIRM)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=326834 (MISC)
oval:org.mitre.oval:def:2023 (OVAL)
CVE: CVE-2006-1723
Id:
CVE-2006-1723
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1723
Comment:
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
19631 (SECUNIA)
19649 (SECUNIA)
19863 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
1015919 (SECTRACK)
1015920 (SECTRACK)
1015921 (SECTRACK)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
VU#350262 (CERT-VN)
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html (CONFIRM)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
oval:org.mitre.oval:def:1574 (OVAL)
CVE: CVE-2006-1724
Id:
CVE-2006-1724
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1724
Comment:
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
19631 (SECUNIA)
19649 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19780 (SECUNIA)
19863 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
1015919 (SECTRACK)
1015920 (SECTRACK)
1015921 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
VU#350262 (CERT-VN)
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html (CONFIRM)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-2 (FEDORA)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=282105 (MISC)
oval:org.mitre.oval:def:10243 (OVAL)
oval:org.mitre.oval:def:1901 (OVAL)
CVE: CVE-2006-1727
Id:
CVE-2006-1727
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
Comment:
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
CVSSv2 Score:
7.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19649 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
1015926 (SECTRACK)
1015927 (SECTRACK)
1015928 (SECTRACK)
1015929 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-25.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
mozilla-printpreview-privilege-escalation(25824) (XF)
oval:org.mitre.oval:def:10364 (OVAL)
oval:org.mitre.oval:def:1649 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1728
Id:
CVE-2006-1728
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
Comment:
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19649 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
1015922 (SECTRACK)
1015923 (SECTRACK)
1015924 (SECTRACK)
1015925 (SECTRACK)
102550 (SUNALERT)
102763 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#932734 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2007-0058 (VUPEN)
ADV-2008-0083 (VUPEN)
mozilla-generatecrmfrequest-code-execution(25812) (XF)
oval:org.mitre.oval:def:10508 (OVAL)
oval:org.mitre.oval:def:1698 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1729
Id:
CVE-2006-1729
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729
Comment:
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
20 (Improper Input Validation)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19649 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22066 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-23.html (CONFIRM)
SUSE-SA:2006:035 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02153 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2008-0083 (VUPEN)
mozilla-textbox-file-access(25823) (XF)
oval:org.mitre.oval:def:10922 (OVAL)
oval:org.mitre.oval:def:1929 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
CVE: CVE-2006-1730
Id:
CVE-2006-1730
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
Comment:
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19649 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
720 (SREASON)
1015915 (SECTRACK)
1015916 (SECTRACK)
1015917 (SECTRACK)
1015918 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#179014 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
20060415 ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability (BUGTRAQ)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html (MISC)
mozilla-css-letterspacing-overflow(25826) (XF)
oval:org.mitre.oval:def:10055 (OVAL)
oval:org.mitre.oval:def:1614 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1731
Id:
CVE-2006-1731
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
Comment:
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-19.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
mozilla-valueof-xss(25820) (XF)
oval:org.mitre.oval:def:1955 (OVAL)
oval:org.mitre.oval:def:9604 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1733
Id:
CVE-2006-1733
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
Comment:
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#488774 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-valueof-code-execution(25817) (XF)
oval:org.mitre.oval:def:10815 (OVAL)
oval:org.mitre.oval:def:2020 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1734
Id:
CVE-2006-1734
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
Comment:
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#842094 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-cloneparent-code-execution(25816) (XF)
oval:org.mitre.oval:def:10755 (OVAL)
oval:org.mitre.oval:def:1247 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1735
Id:
CVE-2006-1735
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
Comment:
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#813230 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-xbl-code-execution(25815) (XF)
oval:org.mitre.oval:def:1037 (OVAL)
oval:org.mitre.oval:def:10930 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1736
Id:
CVE-2006-1736
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736
Comment:
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19721 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19794 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html (CONFIRM)
HPSBUX02122 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=293527 (MISC)
mozilla-saveimageas-ext-spoofing(25814) (XF)
oval:org.mitre.oval:def:1548 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
CVE: CVE-2006-1737
Id:
CVE-2006-1737
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
Comment:
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#329500 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-javascript-regexpr-memory-corruption(25808) (XF)
oval:org.mitre.oval:def:10817 (OVAL)
oval:org.mitre.oval:def:1829 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1738
Id:
CVE-2006-1738
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
Comment:
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#252324 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html (CONFIRM)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-mozgrid-memory-corruption(25811) (XF)
oval:org.mitre.oval:def:1687 (OVAL)
oval:org.mitre.oval:def:9405 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1739
Id:
CVE-2006-1739
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
Comment:
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#935556 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=265736 (MISC)
mozilla-css-memory-corruption(25810) (XF)
oval:org.mitre.oval:def:1667 (OVAL)
oval:org.mitre.oval:def:9817 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1740
Id:
CVE-2006-1740
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740
Comment:
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-12.html (CONFIRM)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=271194 (MISC)
mozilla-secure-site-spoofing(25813) (XF)
oval:org.mitre.oval:def:10424 (OVAL)
oval:org.mitre.oval:def:1811 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
CVE: CVE-2006-1741
Id:
CVE-2006-1741
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
Comment:
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
ADV-2006-1356 (VUPEN)
mozilla-eventhandler-xss(25806) (XF)
oval:org.mitre.oval:def:1855 (OVAL)
oval:org.mitre.oval:def:9167 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1742
Id:
CVE-2006-1742
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
Comment:
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#492382 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
ADV-2006-1356 (VUPEN)
mozilla-garbage-memory-corruption(25807) (XF)
oval:org.mitre.oval:def:1087 (OVAL)
oval:org.mitre.oval:def:11808 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1790
Id:
CVE-2006-1790
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790
Comment:
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html (CONFIRM)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
mozilla-installtrigger-memory-corruption(25809) (XF)
oval:org.mitre.oval:def:11202 (OVAL)
oval:org.mitre.oval:def:1266 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)