Lucene search
Mozilla FoundationMFSA2006-24HistoryApr 13, 2006 - 12:00 a.m.
Privilege escalation using crypto.generateCRMFRequest — Mozilla
2006-04-1300:00:00
Mozilla Foundation
www.mozilla.org
13
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.261
Percentile
96.8%
shutdown demonstrated that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user, which could enable an attacker to install malware.
Affected configurations
Node
mozillafirefoxRange<1.0.8
ORmozillafirefoxRange<1.5.0.2
ORmozillamozilla_suiteRange<1.7.13
ORmozillaseamonkeyRange<1.0.1
ORmozillathunderbirdRange<1.0.8
ORmozillathunderbirdRange<1.5.0.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | mozilla_suite | * | cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* |
| mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2006-04-14 10:02:00
ubuntucve
ubuntucve
CVE-2006-1728
2006-04-14 00:00:00
cve
cve
CVE-2006-1728
2006-04-14 10:02:00
cvelist
cvelist
CVE-2006-1728
2006-04-14 10:00:00
debiancve
debiancve
CVE-2006-1728
2006-04-14 10:02:00
nvd
nvd
CVE-2006-1728
2006-04-14 10:02:00
cert
cert
Mozilla crypto.generateCRMFRequest() vulnerability
2006-04-17 00:00:00
securityvulns
securityvulns
nessus
nessus
Firefox < 1.5.0.2 Multiple Vulnerabilities
2006-04-14 00:00:00
Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075)
2006-04-26 00:00:00
Fedora Core 5 : firefox-1.5.0.2-1.1.fc5 (2006-411)
2006-04-21 00:00:00
openvas
openvas
SLES9: Security update for Mozilla suite
2009-10-10 00:00:00
SLES9: Security update for Mozilla suite
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)
2008-09-24 00:00:00
redhat
redhat
(RHSA-2006:0328) firefox security update
2006-04-14 00:00:00
(RHSA-2006:0330) thunderbird security update
2006-04-21 00:00:00
(RHSA-2006:0329) mozilla security update
2006-04-18 00:00:00
centos
centos
firefox security update
2006-04-14 18:00:35
devhelp, mozilla security update
2006-04-18 17:41:36
galeon, mozilla security update
2006-04-18 23:53:59
suse
suse
remote code execution in MozillaFirefox,mozilla
2006-04-20 13:13:08
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
ubuntu
ubuntu
Firefox vulnerabilities
2006-04-20 00:00:00
Thunderbird vulnerabilities
2006-05-03 00:00:00
Mozilla vulnerabilities
2006-04-28 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2006-05-08 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2006-04-23 00:00:00
Mozilla Suite: Multiple vulnerabilities
2006-04-28 00:00:00
debian
debian
osv
osv
mozilla-firefox - several
2006-04-26 00:00:00
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-04-13 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.261
Percentile
96.8%
Related for MFSA2006-24