FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4567

This CVE name corresponds to:

Entered Topic
2006-09-15 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-4567 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-4567
Phase Assigned(20060906)

Description

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

References

Source Reference
BUGTRAQ 20060915 rPSA-2006-0169-1 firefox thunderbird
CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-58.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
CONFIRM https://issues.rpath.com/browse/RPL-640
GENTOO GLSA-200609-19
GENTOO GLSA-200610-01
HP HPSBUX02153
HP SSRT061181
MANDRIVA MDKSA-2006:168
MANDRIVA MDKSA-2006:169
REDHAT RHSA-2006:0677
REDHAT RHSA-2006:0675
SUSE SUSE-SA:2006:054
UBUNTU USN-350-1
UBUNTU USN-351-1
UBUNTU USN-352-1
UBUNTU USN-354-1
BID 20042
OVAL oval:org.mitre.oval:def:10488
VUPEN ADV-2006-3617
VUPEN ADV-2006-3748
VUPEN ADV-2008-0083
SECTRACK 1016850
SECTRACK 1016851
SECUNIA 21906
SECUNIA 21949
SECUNIA 21916
SECUNIA 21939
SECUNIA 21950
SECUNIA 22001
SECUNIA 22025
SECUNIA 22055
SECUNIA 22074
SECUNIA 22088
SECUNIA 22210
SECUNIA 22274
SECUNIA 22422
SECUNIA 22056
SECUNIA 22195
SECUNIA 22066
XF mozilla-auto-update-gain-access(28950)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.