Professional OVAL Repository
OVAL Definition Details
Id: oval:com.altx-soft.nix:def:13993
Version: 1
Class: patch
ALTXid: 138872
Language: English
Severity: NotAvailable
Title: USN-271-1 -- Firefox vulnerabilities
Description: Web pages with extremely long titles caused subsequent launches of Firefox browser to hang for up to a few minutes, or caused Firefox to crash on computers with insufficient memory. (CVE-2005-4134)
Family: unix
Platform: Ubuntu 5.10, Ubuntu 5.04, Ubuntu 4.10
Product: firefox
Reference
VENDOR: USN-271-1
Reference: http://www.ubuntu.com/usn/usn-271-1/
CVE: CVE-2005-4134
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
Comment: Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE: CWE-Other
References:
SCOSA-2006.26 (SCO)
20060201-01-U (SGI)
20051208 re: Firefox 1.5 buffer overflow (poc) (FULLDISC)
20051208 Re: re: Firefox 1.5 buffer overflow (poc) (FULLDISC)
17934 (SECUNIA)
17944 (SECUNIA)
17946 (SECUNIA)
18700 (SECUNIA)
18704 (SECUNIA)
18705 (SECUNIA)
18706 (SECUNIA)
18708 (SECUNIA)
18709 (SECUNIA)
19230 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
1015328 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
MDKSA-2006:036 (MANDRIVA)
MDKSA-2006:037 (MANDRIVA)
http://www.mozilla.org/security/announce/mfsa2006-03.html (CONFIRM)
http://www.mozilla.org/security/history-title.html (MISC)
http://www.networksecurity.fi/advisories/netscape-history.html (MISC)
21533 (OSVDB)
FEDORA-2006-075 (FEDORA)
FEDORA-2006-076 (FEDORA)
RHSA-2006:0199 (REDHAT)
RHSA-2006:0200 (REDHAT)
FLSA:180036-1 (FEDORA)
FLSA-2006:180036-2 (FEDORA)
HPSBUX02122 (HP)
15773 (BID)
16476 (BID)
ADV-2005-2805 (VUPEN)
ADV-2006-0413 (VUPEN)
ADV-2006-3391 (VUPEN)
oval:org.mitre.oval:def:11382 (OVAL)
oval:org.mitre.oval:def:1619 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
CVE: CVE-2006-0292
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
Comment: The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
CVSSv2 Score: 7.5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE: CWE-Other
References:
SCOSA-2006.26 (SCO)
20060201-01-U (SGI)
18700 (SECUNIA)
18703 (SECUNIA)
18704 (SECUNIA)
18705 (SECUNIA)
18706 (SECUNIA)
18708 (SECUNIA)
18709 (SECUNIA)
19230 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
1015570 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:036 (MANDRIVA)
MDKSA-2006:037 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-01.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-075 (FEDORA)
FEDORA-2006-076 (FEDORA)
RHSA-2006:0199 (REDHAT)
RHSA-2006:0200 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:180036-1 (FEDORA)
FLSA-2006:180036-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
16476 (BID)
ADV-2006-0413 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3749 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=316885 (CONFIRM)
mozilla-javascript-memory-corruption(24430) (XF)
oval:org.mitre.oval:def:10016 (OVAL)
oval:org.mitre.oval:def:670 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1742
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
Comment: The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE: CWE-Other
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#492382 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
ADV-2006-1356 (VUPEN)
mozilla-garbage-memory-corruption(25807) (XF)
oval:org.mitre.oval:def:1087 (OVAL)
oval:org.mitre.oval:def:11808 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-0296
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
Comment: The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE: CWE-Other
References:
SCOSA-2006.26 (SCO)
20060201-01-U (SGI)
18700 (SECUNIA)
18703 (SECUNIA)
18704 (SECUNIA)
18705 (SECUNIA)
18706 (SECUNIA)
18708 (SECUNIA)
18709 (SECUNIA)
19230 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
1015570 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#592425 (CERT-VN)
MDKSA-2006:036 (MANDRIVA)
MDKSA-2006:037 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-05.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-075 (FEDORA)
FEDORA-2006-076 (FEDORA)
RHSA-2006:0199 (REDHAT)
RHSA-2006:0200 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:180036-1 (FEDORA)
FLSA-2006:180036-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
16476 (BID)
TA06-038A (CERT)
ADV-2006-0413 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3749 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=319847 (CONFIRM)
mozilla-xuldocument-command-execution(24434) (XF)
oval:org.mitre.oval:def:11803 (OVAL)
oval:org.mitre.oval:def:1493 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-0749
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
Comment: nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
CVSSv2 Score: 9.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE: 399 (Resource Management Errors)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
729 (SREASON)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#736934 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-18.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
20060417 ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability (BUGTRAQ)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
http://www.zerodayinitiative.com/advisories/ZDI-06-009.html (MISC)
mozilla-nshtmlcontentsink-memory-corruption(25819) (XF)
oval:org.mitre.oval:def:11704 (OVAL)
oval:org.mitre.oval:def:1848 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1727
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
Comment: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
CVSSv2 Score: 7.6
Access vector: NETWORK
Access complexity: HIGH
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19649 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
1015926 (SECTRACK)
1015927 (SECTRACK)
1015928 (SECTRACK)
1015929 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-25.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
mozilla-printpreview-privilege-escalation(25824) (XF)
oval:org.mitre.oval:def:10364 (OVAL)
oval:org.mitre.oval:def:1649 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1728
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
Comment: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
CVSSv2 Score: 9.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19649 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
1015922 (SECTRACK)
1015923 (SECTRACK)
1015924 (SECTRACK)
1015925 (SECTRACK)
102550 (SUNALERT)
102763 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#932734 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2007-0058 (VUPEN)
ADV-2008-0083 (VUPEN)
mozilla-generatecrmfrequest-code-execution(25812) (XF)
oval:org.mitre.oval:def:10508 (OVAL)
oval:org.mitre.oval:def:1698 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1729
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729
Comment: Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE: 20 (Improper Input Validation)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19649 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22066 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-23.html (CONFIRM)
SUSE-SA:2006:035 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02153 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2008-0083 (VUPEN)
mozilla-textbox-file-access(25823) (XF)
oval:org.mitre.oval:def:10922 (OVAL)
oval:org.mitre.oval:def:1929 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
CVE: CVE-2006-1730
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
Comment: Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
CVSSv2 Score: 9.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE: 189 (Numeric Errors)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19649 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
22065 (SECUNIA)
22066 (SECUNIA)
720 (SREASON)
1015915 (SECTRACK)
1015916 (SECTRACK)
1015917 (SECTRACK)
1015918 (SECTRACK)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#179014 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
20060415 ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability (BUGTRAQ)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
ADV-2006-3748 (VUPEN)
ADV-2006-3749 (VUPEN)
ADV-2008-0083 (VUPEN)
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html (MISC)
mozilla-css-letterspacing-overflow(25826) (XF)
oval:org.mitre.oval:def:10055 (OVAL)
oval:org.mitre.oval:def:1614 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1731
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
Comment: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE: 79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-19.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
mozilla-valueof-xss(25820) (XF)
oval:org.mitre.oval:def:1955 (OVAL)
oval:org.mitre.oval:def:9604 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1732
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
Comment: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE: CWE-Other
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19902 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-17.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
ADV-2006-3391 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=313373 (MISC)
mozilla-windows-controllers-xss(25818) (XF)
oval:org.mitre.oval:def:10232 (OVAL)
oval:org.mitre.oval:def:1887 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1741
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
Comment: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE: 79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
ADV-2006-1356 (VUPEN)
mozilla-eventhandler-xss(25806) (XF)
oval:org.mitre.oval:def:1855 (OVAL)
oval:org.mitre.oval:def:9167 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1733
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
Comment: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
CVSSv2 Score: 6.8
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE: 264 (Permissions, Privileges, and Access Controls)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#488774 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-valueof-code-execution(25817) (XF)
oval:org.mitre.oval:def:10815 (OVAL)
oval:org.mitre.oval:def:2020 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1734
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
Comment: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.
CVSSv2 Score: 6.8
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE: CWE-Other
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#842094 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-cloneparent-code-execution(25816) (XF)
oval:org.mitre.oval:def:10755 (OVAL)
oval:org.mitre.oval:def:1247 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1735
Id:
CVE-2006-1735
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
Comment:
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#813230 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-xbl-code-execution(25815) (XF)
oval:org.mitre.oval:def:1037 (OVAL)
oval:org.mitre.oval:def:10930 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1736
Id:
CVE-2006-1736
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736
Comment:
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19721 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19794 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html (CONFIRM)
HPSBUX02122 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=293527 (MISC)
mozilla-saveimageas-ext-spoofing(25814) (XF)
oval:org.mitre.oval:def:1548 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
CVE: CVE-2006-1737
Id:
CVE-2006-1737
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
Comment:
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
189 (Numeric Errors)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#329500 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-javascript-regexpr-memory-corruption(25808) (XF)
oval:org.mitre.oval:def:10817 (OVAL)
oval:org.mitre.oval:def:1829 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1738
Id:
CVE-2006-1738
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
Comment:
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#252324 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html (CONFIRM)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
mozilla-mozgrid-memory-corruption(25811) (XF)
oval:org.mitre.oval:def:1687 (OVAL)
oval:org.mitre.oval:def:9405 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1739
Id:
CVE-2006-1739
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
Comment:
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19821 (SECUNIA)
19823 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
VU#935556 (CERT-VN)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
MDKSA-2006:078 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html (CONFIRM)
SUSE-SA:2006:022 (SUSE)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
HPSBTU02118 (HP)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
TA06-107A (CERT)
ADV-2006-1356 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=265736 (MISC)
mozilla-css-memory-corruption(25810) (XF)
oval:org.mitre.oval:def:1667 (OVAL)
oval:org.mitre.oval:def:9817 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1790
Id:
CVE-2006-1790
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790
Comment:
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
399 (Resource Management Errors)
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19780 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
19950 (SECUNIA)
20051 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
GLSA-200605-09 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html (CONFIRM)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
RHSA-2006:0330 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
mozilla-installtrigger-memory-corruption(25809) (XF)
oval:org.mitre.oval:def:11202 (OVAL)
oval:org.mitre.oval:def:1266 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
USN-276-1 (UBUNTU)
CVE: CVE-2006-1740
Id:
CVE-2006-1740
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740
Comment:
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
CVSSv2 Score:
2.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE:
CWE-Other ()
References:
SCOSA-2006.26 (SCO)
20060404-01-U (SGI)
SUSE-SA:2006:021 (SUSE)
19631 (SECUNIA)
19696 (SECUNIA)
19714 (SECUNIA)
19721 (SECUNIA)
19729 (SECUNIA)
19746 (SECUNIA)
19759 (SECUNIA)
19794 (SECUNIA)
19811 (SECUNIA)
19852 (SECUNIA)
19862 (SECUNIA)
19863 (SECUNIA)
19902 (SECUNIA)
19941 (SECUNIA)
21033 (SECUNIA)
21622 (SECUNIA)
102550 (SUNALERT)
228526 (SUNALERT)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (CONFIRM)
DSA-1044 (DEBIAN)
DSA-1046 (DEBIAN)
DSA-1051 (DEBIAN)
GLSA-200604-12 (GENTOO)
GLSA-200604-18 (GENTOO)
MDKSA-2006:075 (MANDRIVA)
MDKSA-2006:076 (MANDRIVA)
http://www.mozilla.org/security/announce/2006/mfsa2006-12.html (CONFIRM)
FEDORA-2006-410 (FEDORA)
FEDORA-2006-411 (FEDORA)
RHSA-2006:0328 (REDHAT)
RHSA-2006:0329 (REDHAT)
FLSA:189137-1 (FEDORA)
FLSA:189137-2 (FEDORA)
HPSBUX02122 (HP)
17516 (BID)
ADV-2006-1356 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=271194 (MISC)
mozilla-secure-site-spoofing(25813) (XF)
oval:org.mitre.oval:def:10424 (OVAL)
oval:org.mitre.oval:def:1811 (OVAL)
USN-271-1 (UBUNTU)
USN-275-1 (UBUNTU)
ovaldb@altx-soft.com