CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 100.0%
CentOS Errata and Security Advisory CESA-2006:0328
Mozilla Firefox is an open source Web browser.

Several bugs were found in the way Firefox processes malformed JavaScript.
A malicious web page could modify the content of a different open web page,
possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain JavaScript
actions. A malicious web page could execute arbitrary JavaScript
instructions with the permissions of “chrome”, allowing the page to steal
sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web pages.
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Firefox. (CVE-2006-0748, CVE-2006-0749,
CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790)

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default secure site modal warning
dialog, it may be possible to trick a user into believing they are viewing
a secure site. (CVE-2006-1740)

A bug was found in the way Firefox allows JavaScript mutation events on
“input” form elements. A malicious web page could be created in such a way
that when a user submits a form, an arbitrary file could be uploaded to the
attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8, which corrects these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-April/074974.html
https://lists.centos.org/pipermail/centos-announce/2006-April/074975.html
https://lists.centos.org/pipermail/centos-announce/2006-April/074976.html
https://lists.centos.org/pipermail/centos-announce/2006-April/074977.html
https://lists.centos.org/pipermail/centos-announce/2006-April/074978.html
https://lists.centos.org/pipermail/centos-announce/2006-April/074979.html
https://lists.centos.org/pipermail/centos-announce/2006-April/074980.html
https://lists.centos.org/pipermail/centos-announce/2006-April/074981.html
https://lists.centos.org/pipermail/centos-announce/2006-April/074982.html
Affected packages:
firefox
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0328
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | firefox | < 1.0.8-1.4.1.centos4 | firefox-1.0.8-1.4.1.centos4.ia64.rpm |
CentOS | 3 | ia64 | firefox | < 1.0.8-1.4.1.centos3 | firefox-1.0.8-1.4.1.centos3.ia64.rpm |
CentOS | 4 | alpha | firefox | < 1.0.8-1.4.1axp.centos4 | firefox-1.0.8-1.4.1axp.centos4.alpha.rpm |
CentOS | 4 | i386 | firefox | < 1.0.8-1.4.1.centos4 | firefox-1.0.8-1.4.1.centos4.i386.rpm |
CentOS | 4 | x86_64 | firefox | < 1.0.8-1.4.1.centos4 | firefox-1.0.8-1.4.1.centos4.x86_64.rpm |
CentOS | 3 | i386 | firefox | < 1.0.8-1.4.1.centos3 | firefox-1.0.8-1.4.1.centos3.i386.rpm |
CentOS | 3 | x86_64 | firefox | < 1.0.8-1.4.1.centos3 | firefox-1.0.8-1.4.1.centos3.x86_64.rpm |
CentOS | 4 | s390 | firefox | < 1.0.8-1.4.1.centos4 | firefox-1.0.8-1.4.1.centos4.s390.rpm |
CentOS | 4 | s390x | firefox | < 1.0.8-1.4.1.centos4 | firefox-1.0.8-1.4.1.centos4.s390x.rpm |
CentOS | 3 | s390 | firefox | < 1.0.8-1.4.1.centos3 | firefox-1.0.8-1.4.1.centos3.s390.rpm |