ID CVE-2006-2776
Summary Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
References
Vulnerable Configurations
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • cpe:2.3:a:mozilla:firefox:1.0.6:-:linux
    cpe:2.3:a:mozilla:firefox:1.0.6:-:linux
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0.1
    cpe:2.3:a:mozilla:thunderbird:1.0.1
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.3
    cpe:2.3:a:mozilla:thunderbird:1.0.3
  • Mozilla Thunderbird 1.0.4
    cpe:2.3:a:mozilla:thunderbird:1.0.4
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.0.5 Beta
    cpe:2.3:a:mozilla:thunderbird:1.0.5:beta
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.5 Beta 2
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2
  • Mozilla Thunderbird 1.5.0.1
    cpe:2.3:a:mozilla:thunderbird:1.5.0.1
CVSS
Base: 7.5 (as of 02-06-2006 - 14:52)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0735.NASL
    description Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues. From Red Hat Security Advisory 2006:0735 : Several flaws were found in the way Thunderbird processes certain malformed Javascript code. A malicious HTML mail message could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) From Red Hat Security Advisory 2006:0677 : Two flaws were found in the way Thunderbird processed certain regular expressions. A malicious HTML email could cause a crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4565, CVE-2006-4566) A flaw was found in the Thunderbird auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a victim to previously accept an unverifiable certificate. (CVE-2006-4567) A flaw was found in the handling of Javascript timed events. A malicious HTML email could crash the browser or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4253) Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that which would be incorrectly verified by the NSS library. (CVE-2006-4340) A flaw was found in Thunderbird that triggered when a HTML message contained a remote image pointing to a XBL script. An attacker could have created a carefully crafted message which would execute Javascript if certain actions were performed on the email by the recipient, even if Javascript was disabled. (CVE-2006-4570) A number of flaws were found in Thunderbird. A malicious HTML email could cause a crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4571) From Red Hat Bug Fix Advisory 2006:0624 : A problem was found in Thunderbird where starting the application from a graphical launcher (such as a menu item) did not work. From Red Hat Security Advisory 2006:0611 : The Mozilla Foundation has discontinued support for the Mozilla Thunderbird 1.0 branch. This update deprecates the Mozilla Thunderbird 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Thunderbird 1.5 branch. This update also resolves a number of outstanding Thunderbird security issues : Several flaws were found in the way Thunderbird processed certain javascript actions. A malicious mail message could execute arbitrary javascript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809) Several denial of service flaws were found in the way Thunderbird processed certain mail messages. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811) Several flaws were found in the way Thunderbird processed certain javascript actions. A malicious mail message could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810) A form file upload flaw was found in the way Thunderbird handled javascript input object mutation. A malicious mail message could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way Thunderbird called the crypto.signText() javascript function. A malicious mail message could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) A flaw was found in the way Thunderbird processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary javascript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install client malware. (CVE-2006-3808) Note: Please note that JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable with JavaScript disabled. Two flaws were found in the way Thunderbird displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard it was possible to execute arbitrary code as the user running Thunderbird. (CVE-2006-2781, CVE-2006-3804) A cross site scripting flaw was found in the way Thunderbird processed Unicode Byte-order-Mark (BOM) markers in UTF-8 mail messages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) Two HTTP response smuggling flaws were found in the way Thunderbird processed certain invalid HTTP response headers. A malicious web site could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page, it was possible to crash Thunderbird. (CVE-2006-2788)
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67424
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67424
    title Oracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1504.NASL
    description The installed version of Firefox is affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 21627
    published 2006-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21627
    title Firefox < 1.5.0.4 Multiple Vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-143.NASL
    description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided which corrects a number of vulnerabilities that were previously unpatched, as well as providing new and enhanced features. The following CVE names have been corrected with this update: CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812. Update : The previous language packages were not correctly tagged for the new Firefox which resulted in many of them not loading properly. These updated language packages correct the problem.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 23892
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23892
    title Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0733.NASL
    description Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues. From Red Hat Security Advisory 2006:0733 : Several flaws were found in the way Firefox processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) From Red Hat Security Advisory 2006:0675 : Two flaws were found in the way Firefox processed certain regular expressions. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4565, CVE-2006-4566) A number of flaws were found in Firefox. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4571) A flaw was found in the handling of Javascript timed events. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4253) Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. (CVE-2006-4340) A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a victim to previously accept an unverifiable certificate. (CVE-2006-4567) Firefox did not properly prevent a frame in one domain from injecting content into a sub-frame that belongs to another domain, which facilitates website spoofing and other attacks (CVE-2006-4568) Firefox did not load manually opened, blocked popups in the right domain context, which could lead to cross-site scripting attacks. In order to exploit this issue an attacker would need to find a site which would frame their malicious page and convince the user to manually open a blocked popup. (CVE-2006-4569) From Red Hat Security Advisory 2006:0610 : The Mozilla Foundation has discontinued support for the Mozilla Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Firefox 1.5 branch. This update also resolves a number of outstanding Firefox security issues : Several flaws were found in the way Firefox processed certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809, CVE-2006-3812) Several denial of service flaws were found in the way Firefox processed certain web content. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811) A cross-site scripting flaw was found in the way Firefox processed Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) Several flaws were found in the way Firefox processed certain javascript actions. A malicious web page could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810) A form file upload flaw was found in the way Firefox handled javascript input object mutation. A malicious web page could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way Firefox called the crypto.signText() javascript function. A malicious web page could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) Two HTTP response smuggling flaws were found in the way Firefox processed certain invalid HTTP response headers. A malicious web site could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A flaw was found in the way Firefox processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary javascript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-3808) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page, it was possible to execute arbitrary code as the user running Firefox. (CVE-2006-2788)
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67422
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67422
    title Oracle Linux 4 : firefox (ELSA-2006-0733 / ELSA-2006-0675 / ELSA-2006-0610)
  • NASL family Windows
    NASL id SEAMONKEY_102.NASL
    description The installed version of SeaMonkey contains various security issues, some of which could lead to execution of arbitrary code on the affected host subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 21629
    published 2006-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21629
    title SeaMonkey < 1.0.2 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1120.NASL
    description Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-1942 Eric Foley discovered that a user can be tricked to expose a local file to a remote attacker by displaying a local file as image in connection with other vulnerabilities. [MFSA-2006-39] - CVE-2006-2775 XUL attributes are associated with the wrong URL under certain circumstances, which might allow remote attackers to bypass restrictions. [MFSA-2006-35] - CVE-2006-2776 Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged user interface code, and 'moz_bug_r_a4' demonstrated that the higher privilege level could be passed along to the content-defined attack code. [MFSA-2006-37] - CVE-2006-2777 A vulnerability allows remote attackers to execute arbitrary code and create notifications that are executed in a privileged context. [MFSA-2006-43] - CVE-2006-2778 Mikolaj Habryn discovered a buffer overflow in the crypto.signText function that allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments. [MFSA-2006-38] - CVE-2006-2779 Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption which may also lead to the execution of arbitrary code. This problem has only partially been corrected. [MFSA-2006-32] - CVE-2006-2780 An integer overflow allows remote attackers to cause a denial of service and may permit the execution of arbitrary code. [MFSA-2006-32] - CVE-2006-2782 Chuck McAuley discovered that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729] - CVE-2006-2783 Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM) is stripped from UTF-8 pages during the conversion to Unicode before the parser sees the web page, which allows remote attackers to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42] - CVE-2006-2784 Paul Nickerson discovered that the fix for CVE-2005-0752 can be bypassed using nested javascript: URLs, allowing the attacker to execute privileged code. [MFSA-2005-34, MFSA-2006-36] - CVE-2006-2785 Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose 'View Image' from the context menu then he could get JavaScript to run. [MFSA-2006-34] - CVE-2006-2786 Kazuho Oku discovered that Mozilla's lenient handling of HTTP header syntax may allow remote attackers to trick the browser to interpret certain responses as if they were responses from two different sites. [MFSA-2006-33] - CVE-2006-2787 The Mozilla researcher 'moz_bug_r_a4' discovered that JavaScript run via EvalInSandbox can escape the sandbox and gain elevated privilege. [MFSA-2006-31]
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22662
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22662
    title Debian DSA-1120-1 : mozilla-firefox - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200606-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-200606-21 (Mozilla Thunderbird: Multiple vulnerabilities) Several vulnerabilities were found and fixed in Mozilla Thunderbird. For details, please consult the references below. Impact : A remote attacker could craft malicious emails that would leverage these issues to inject and execute arbitrary script code with elevated privileges, spoof content, and possibly execute arbitrary code with the rights of the user running the application. Workaround : There are no known workarounds for all the issues at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21734
    published 2006-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21734
    title GLSA-200606-21 : Mozilla Thunderbird: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200606-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-200606-12 (Mozilla Firefox: Multiple vulnerabilities) A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact : By enticing the user to visit a malicious website, a remote attacker can inject arbitrary HTML and JavaScript Code into the user's browser, execute JavaScript code with elevated privileges and possibly execute arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21705
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21705
    title GLSA-200606-12 : Mozilla Firefox: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-296-2.NASL
    description USN-296-1 fixed several vulnerabilities in Firefox for the Ubuntu 6.06 LTS release. This update provides the corresponding fixes for Ubuntu 5.04 and Ubuntu 5.10. For reference, these are the details of the original USN : Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778) The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious websites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780, CVE-2006-2788) Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing by changing input type) was not sufficient to prevent all variants of exploitation. (MFSA 2006-41, CVE-2006-2782) Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. ''), these filters might not recognize the tags anymore; however, Firefox would still execute them since BOM markers are filtered out before processing the page. (MFSA 2006-42, CVE-2006-2783) Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript privilege escalation on the plugins page) was not sufficient to prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784) Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose 'View Image' from the context menu then he could get JavaScript to run on a site of the attacker's choosing. This could be used to steal login cookies or other confidential information from the target site. (MFSA 2006-34, CVE-2006-2785) Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Firefox and the proxy server, a malicious website can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened website. (MFSA 2006-33, CVE-2006-2786). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 27869
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27869
    title Ubuntu 5.04 / 5.10 : firefox, mozilla-firefox vulnerabilities (USN-296-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-296-1.NASL
    description Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778) The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious websites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780, CVE-2006-2788) Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing by changing input type) was not sufficient to prevent all variants of exploitation. (MFSA 2006-41, CVE-2006-2782) Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. ''), these filters might not recognize the tags anymore; however, Firefox would still execute them since BOM markers are filtered out before processing the page. (MFSA 2006-42, CVE-2006-2783) Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript privilege escalation on the plugins page) was not sufficient to prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784) Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose 'View Image' from the context menu then he could get JavaScript to run on a site of the attacker's choosing. This could be used to steal login cookies or other confidential information from the target site. (MFSA 2006-34, CVE-2006-2785) Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Firefox and the proxy server, a malicious website can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened website. (MFSA 2006-33, CVE-2006-2786). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27868
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27868
    title Ubuntu 6.06 LTS : firefox vulnerabilities (USN-296-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0578.NASL
    description Updated SeaMonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 3 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way Mozilla processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787) Several denial of service flaws were found in the way Mozilla processed certain web content. A malicious web page could crash firefox or possibly execute arbitrary code. These issues to date were not proven to be exploitable, but do show evidence of memory corruption. (CVE-2006-2779, CVE-2006-2780) A double-free flaw was found in the way Mozilla-mail displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard it could execute arbitrary code as the user running Mozilla-mail. (CVE-2006-2781) A cross site scripting flaw was found in the way Mozilla processed Unicode Byte-order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) A form file upload flaw was found in the way Mozilla handled JavaScript input object mutation. A malicious web page could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way Mozilla called the crypto.signText() JavaScript function. A malicious web page could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) Two HTTP response smuggling flaws were found in the way Mozilla processed certain invalid HTTP response headers. A malicious website could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page it could execute arbitrary code as the user running Mozilla. (CVE-2006-2788) Users of Mozilla are advised to upgrade to this update, which contains SeaMonkey version 1.0.2 that is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22088
    published 2006-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22088
    title RHEL 3 : seamonkey (RHSA-2006:0578)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1504.NASL
    description The remote version of Mozilla Thunderbird suffers from various security issues, some of which could lead to execution of arbitrary code on the affected host subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 21628
    published 2006-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21628
    title Mozilla Thunderbird < 1.5.0.4 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0611.NASL
    description Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. The Mozilla Foundation has discontinued support for the Mozilla Thunderbird 1.0 branch. This update deprecates the Mozilla Thunderbird 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Thunderbird 1.5 branch. This update also resolves a number of outstanding Thunderbird security issues : Several flaws were found in the way Thunderbird processed certain JavaScript actions. A malicious mail message could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809) Several denial of service flaws were found in the way Thunderbird processed certain mail messages. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811) Several flaws were found in the way Thunderbird processed certain JavaScript actions. A malicious mail message could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810) A form file upload flaw was found in the way Thunderbird handled JavaScript input object mutation. A malicious mail message could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way Thunderbird called the crypto.signText() JavaScript function. A malicious mail message could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) A flaw was found in the way Thunderbird processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install client malware. (CVE-2006-3808) Note: Please note that JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable with JavaScript disabled. Two flaws were found in the way Thunderbird displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard it was possible to execute arbitrary code as the user running Thunderbird. (CVE-2006-2781, CVE-2006-3804) A cross site scripting flaw was found in the way Thunderbird processed Unicode Byte-order-Mark (BOM) markers in UTF-8 mail messages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) Two HTTP response smuggling flaws were found in the way Thunderbird processed certain invalid HTTP response headers. A malicious website could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page, it was possible to crash Thunderbird. (CVE-2006-2788) Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.5 that corrects these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22122
    published 2006-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22122
    title RHEL 4 : thunderbird (RHSA-2006:0611)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0610.NASL
    description Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. The Mozilla Foundation has discontinued support for the Mozilla Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Firefox 1.5 branch. This update also resolves a number of outstanding Firefox security issues : Several flaws were found in the way Firefox processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809, CVE-2006-3812) Several denial of service flaws were found in the way Firefox processed certain web content. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811) A cross-site scripting flaw was found in the way Firefox processed Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) Several flaws were found in the way Firefox processed certain JavaScript actions. A malicious web page could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810) A form file upload flaw was found in the way Firefox handled JavaScript input object mutation. A malicious web page could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way Firefox called the crypto.signText() JavaScript function. A malicious web page could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) Two HTTP response smuggling flaws were found in the way Firefox processed certain invalid HTTP response headers. A malicious website could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A flaw was found in the way Firefox processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-3808) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page, it was possible to execute arbitrary code as the user running Firefox. (CVE-2006-2788) Users of Firefox are advised to upgrade to this update, which contains Firefox version 1.5.0.5 that corrects these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22137
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22137
    title CentOS 4 : Firefox (CESA-2006:0610)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0609.NASL
    description Updated SeaMonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 4 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809, CVE-2006-3812) Several denial of service flaws were found in the way SeaMonkey processed certain web content. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811) Two flaws were found in the way SeaMonkey-mail displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard it was possible to execute arbitrary code as the user running Mozilla-mail. (CVE-2006-2781, CVE-2006-3804) A cross-site scripting flaw was found in the way SeaMonkey processed Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810) A form file upload flaw was found in the way SeaMonkey handled JavaScript input object mutation. A malicious web page could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way SeaMonkey called the crypto.signText() JavaScript function. A malicious web page could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) Two HTTP response smuggling flaws were found in the way SeaMonkey processed certain invalid HTTP response headers. A malicious website could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A flaw was found in the way SeaMonkey processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-3808) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page, it was possible to execute arbitrary code as the user running Mozilla. (CVE-2006-2788) Users of Mozilla are advised to upgrade to this update, which contains SeaMonkey version 1.0.3 that corrects these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22150
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22150
    title RHEL 4 : seamonkey (RHSA-2006:0609)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLATHUNDERBIRD-1672.NASL
    description This update of Mozilla Thunderbird fixes the security problems fixed in version 1.5.0.4: MFSA 2006-31/CVE-2006-2787: EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via JavaScript that calls the valueOf method on objects that were created outside of the sandbox. MFSA 2006-32/CVE-2006-2780: Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via 'jsstr tagify,' which leads to memory corruption. MFSA 2006-32/CVE-2006-2779: Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27124
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27124
    title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-1672)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-1585.NASL
    description This updates fixes several security problems in the Mozilla Firefox 1.5 browser and brings it up to 1.5.0.4 bugfix level. The full list is at: http://www.mozilla.org/projects/security/known-vulnerabilities.html#fi refox1.5.0.4 MFSA 2006-31/CVE-2006-2787: EvalInSandbox allows remote attackers to gain privileges via JavaScript that calls the valueOf method on objects that were created outside of the sandbox. MFSA 2006-32/CVE-2006-2780: An Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via 'jsstr tagify,' which leads to memory corruption. MFSA 2006-32/CVE-2006-2779: Firefox allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27112
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27112
    title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-1585)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-146.NASL
    description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program. Corporate 3 had contained the Mozilla suite however, due to the support cycle for Mozilla, it was felt that upgrading Mozilla to Firefox and Thunderbird would allow for better future support for Corporate 3 users. To that end, the latest Thunderbird is being provided for Corporate 3 users which fix all known vulnerabilities up to version 1.5.0.5, as well as providing new and enhanced features. Corporate users who were using Mozilla for mail may need to explicitly install the new mozilla-thunderbird packages. For 2006 users, no explicit installs are necessary. The following CVE names have been corrected with this update: CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2787, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3802, CVE-2006-3805, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 23894
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23894
    title Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:146)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-297-1.NASL
    description Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By sending an email with malicious JavaScript to an user, and that user enabled JavaScript in Thunderbird (which is not the default and not recommended), this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778) The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious websites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780) Masatoshi Kimura discovered a memory corruption (double-free) when processing a large VCard with invalid base64 characters in it. By sending a maliciously crafted set of VCards to a user, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-40, CVE-2006-2781) Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. ''), these filters might not recognize the tags anymore; however, Thunderbird would still execute them since BOM markers are filtered out before processing a mail containing JavaScript. (MFSA 2006-42, CVE-2006-2783) Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Thunderbird and the proxy server, a malicious HTML email can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened website. (MFSA 2006-33, CVE-2006-2786) It was discovered that JavaScript run via EvalInSandbox() can escape the sandbox. Malicious scripts received in emails containing JavaScript could use these privileges to execute arbitrary code with the user's privileges. (MFSA 2006-31, CVE-2006-2787) The 'enigmail' plugin has been updated to work with the new Thunderbird version. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27870
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27870
    title Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-297-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0609.NASL
    description Updated SeaMonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 4 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809, CVE-2006-3812) Several denial of service flaws were found in the way SeaMonkey processed certain web content. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811) Two flaws were found in the way SeaMonkey-mail displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard it was possible to execute arbitrary code as the user running Mozilla-mail. (CVE-2006-2781, CVE-2006-3804) A cross-site scripting flaw was found in the way SeaMonkey processed Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810) A form file upload flaw was found in the way SeaMonkey handled JavaScript input object mutation. A malicious web page could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way SeaMonkey called the crypto.signText() JavaScript function. A malicious web page could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) Two HTTP response smuggling flaws were found in the way SeaMonkey processed certain invalid HTTP response headers. A malicious website could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A flaw was found in the way SeaMonkey processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-3808) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page, it was possible to execute arbitrary code as the user running Mozilla. (CVE-2006-2788) Users of Mozilla are advised to upgrade to this update, which contains SeaMonkey version 1.0.3 that corrects these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22163
    published 2006-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22163
    title CentOS 4 : seamonkey (CESA-2006:0609)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0611.NASL
    description Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. The Mozilla Foundation has discontinued support for the Mozilla Thunderbird 1.0 branch. This update deprecates the Mozilla Thunderbird 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Thunderbird 1.5 branch. This update also resolves a number of outstanding Thunderbird security issues : Several flaws were found in the way Thunderbird processed certain JavaScript actions. A malicious mail message could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809) Several denial of service flaws were found in the way Thunderbird processed certain mail messages. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811) Several flaws were found in the way Thunderbird processed certain JavaScript actions. A malicious mail message could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810) A form file upload flaw was found in the way Thunderbird handled JavaScript input object mutation. A malicious mail message could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way Thunderbird called the crypto.signText() JavaScript function. A malicious mail message could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) A flaw was found in the way Thunderbird processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install client malware. (CVE-2006-3808) Note: Please note that JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable with JavaScript disabled. Two flaws were found in the way Thunderbird displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard it was possible to execute arbitrary code as the user running Thunderbird. (CVE-2006-2781, CVE-2006-3804) A cross site scripting flaw was found in the way Thunderbird processed Unicode Byte-order-Mark (BOM) markers in UTF-8 mail messages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) Two HTTP response smuggling flaws were found in the way Thunderbird processed certain invalid HTTP response headers. A malicious website could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page, it was possible to crash Thunderbird. (CVE-2006-2788) Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.5 that corrects these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22138
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22138
    title CentOS 4 : thunderbird (CESA-2006:0611)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0594.NASL
    description Updated SeaMonkey packages that fix several security bugs in the mozilla packages are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 2.1 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809, CVE-2006-3812) Several denial of service flaws were found in the way SeaMonkey processed certain web content. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811) Two flaws were found in the way SeaMonkey Messenger displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard it was possible to execute arbitrary code as the user running SeaMonkey Messenger. (CVE-2006-2781, CVE-2006-3804) A cross-site scripting flaw was found in the way SeaMonkey processed Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810) A form file upload flaw was found in the way SeaMonkey handled JavaScript input object mutation. A malicious web page could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way SeaMonkey called the crypto.signText() JavaScript function. A malicious web page could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) Two HTTP response smuggling flaws were found in the way SeaMonkey processed certain invalid HTTP response headers. A malicious website could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A flaw was found in the way SeaMonkey processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-3808) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page it was possible to execute arbitrary code as the user running SeaMonkey. (CVE-2006-2788) Users of Mozilla are advised to upgrade to this update, which contains SeaMonkey version 1.0.3 that corrects these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22291
    published 2006-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22291
    title RHEL 2.1 : seamonkey (RHSA-2006:0594)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0610.NASL
    description Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. The Mozilla Foundation has discontinued support for the Mozilla Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Firefox 1.5 branch. This update also resolves a number of outstanding Firefox security issues : Several flaws were found in the way Firefox processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809, CVE-2006-3812) Several denial of service flaws were found in the way Firefox processed certain web content. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811) A cross-site scripting flaw was found in the way Firefox processed Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783) Several flaws were found in the way Firefox processed certain JavaScript actions. A malicious web page could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810) A form file upload flaw was found in the way Firefox handled JavaScript input object mutation. A malicious web page could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782) A denial of service flaw was found in the way Firefox called the crypto.signText() JavaScript function. A malicious web page could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778) Two HTTP response smuggling flaws were found in the way Firefox processed certain invalid HTTP response headers. A malicious website could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786) A flaw was found in the way Firefox processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary JavaScript instructions with the permissions of 'chrome', allowing the page to steal sensitive information or install browser malware. (CVE-2006-3808) A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page, it was possible to execute arbitrary code as the user running Firefox. (CVE-2006-2788) Users of Firefox are advised to upgrade to this update, which contains Firefox version 1.5.0.5 that corrects these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22121
    published 2006-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22121
    title RHEL 4 : firefox (RHSA-2006:0610)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1118.NASL
    description Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-1942 Eric Foley discovered that a user can be tricked to expose a local file to a remote attacker by displaying a local file as image in connection with other vulnerabilities. [MFSA-2006-39] - CVE-2006-2775 XUL attributes are associated with the wrong URL under certain circumstances, which might allow remote attackers to bypass restrictions. [MFSA-2006-35] - CVE-2006-2776 Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged user interface code, and 'moz_bug_r_a4' demonstrated that the higher privilege level could be passed along to the content-defined attack code. [MFSA-2006-37] - CVE-2006-2777 A vulnerability allows remote attackers to execute arbitrary code and create notifications that are executed in a privileged context. [MFSA-2006-43] - CVE-2006-2778 Mikolaj Habryn discovered a buffer overflow in the crypto.signText function that allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments. [MFSA-2006-38] - CVE-2006-2779 Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption which may also lead to the execution of arbitrary code. This problem has only partially been corrected. [MFSA-2006-32] - CVE-2006-2780 An integer overflow allows remote attackers to cause a denial of service and may permit the execution of arbitrary code. [MFSA-2006-32] - CVE-2006-2781 Masatoshi Kimura discovered a double-free vulnerability that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a VCard. [MFSA-2006-40] - CVE-2006-2782 Chuck McAuley discovered that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729] - CVE-2006-2783 Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM) is stripped from UTF-8 pages during the conversion to Unicode before the parser sees the web page, which allows remote attackers to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42] - CVE-2006-2784 Paul Nickerson discovered that the fix for CVE-2005-0752 can be bypassed using nested javascript: URLs, allowing the attacker to execute privileged code. [MFSA-2005-34, MFSA-2006-36] - CVE-2006-2785 Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose 'View Image' from the context menu then he could get JavaScript to run. [MFSA-2006-34] - CVE-2006-2786 Kazuho Oku discovered that Mozilla's lenient handling of HTTP header syntax may allow remote attackers to trick the browser to interpret certain responses as if they were responses from two different sites. [MFSA-2006-33] - CVE-2006-2787 The Mozilla researcher 'moz_bug_r_a4' discovered that JavaScript run via EvalInSandbox can escape the sandbox and gain elevated privilege. [MFSA-2006-31]
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22660
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22660
    title Debian DSA-1118-1 : mozilla - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1134.NASL
    description Several security related problems have been discovered in Mozilla which are also present in Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-1942 Eric Foley discovered that a user can be tricked to expose a local file to a remote attacker by displaying a local file as image in connection with other vulnerabilities. [MFSA-2006-39] - CVE-2006-2775 XUL attributes are associated with the wrong URL under certain circumstances, which might allow remote attackers to bypass restrictions. [MFSA-2006-35] - CVE-2006-2776 Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged user interface code, and 'moz_bug_r_a4' demonstrated that the higher privilege level could be passed along to the content-defined attack code. [MFSA-2006-37] - CVE-2006-2777 A vulnerability allows remote attackers to execute arbitrary code and create notifications that are executed in a privileged context. [MFSA-2006-43] - CVE-2006-2778 Mikolaj Habryn discovered a buffer overflow in the crypto.signText function that allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments. [MFSA-2006-38] - CVE-2006-2779 Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption which may also lead to the execution of arbitrary code. This problem has only partially been corrected. [MFSA-2006-32] - CVE-2006-2780 An integer overflow allows remote attackers to cause a denial of service and may permit the execution of arbitrary code. [MFSA-2006-32] - CVE-2006-2781 Masatoshi Kimura discovered a double-free vulnerability that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a VCard. [MFSA-2006-40] - CVE-2006-2782 Chuck McAuley discovered that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729] - CVE-2006-2783 Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM) is stripped from UTF-8 pages during the conversion to Unicode before the parser sees the web page, which allows remote attackers to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42] - CVE-2006-2784 Paul Nickerson discovered that the fix for CVE-2005-0752 can be bypassed using nested javascript: URLs, allowing the attacker to execute privileged code. [MFSA-2005-34, MFSA-2006-36] - CVE-2006-2785 Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose 'View Image' from the context menu then he could get JavaScript to run. [MFSA-2006-34] - CVE-2006-2786 Kazuho Oku discovered that Mozilla's lenient handling of HTTP header syntax may allow remote attackers to trick the browser to interpret certain responses as if they were responses from two different sites. [MFSA-2006-33] - CVE-2006-2787 The Mozilla researcher 'moz_bug_r_a4' discovered that JavaScript run via EvalInSandbox can escape the sandbox and gain elevated privilege. [MFSA-2006-31]
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22676
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22676
    title Debian DSA-1134-1 : mozilla-thunderbird - several vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-297-3.NASL
    description USN-297-1 fixed several vulnerabilities in Thunderbird for the Ubuntu 6.06 LTS release. This update provides the corresponding fixes for Ubuntu 5.04 and Ubuntu 5.10. For reference, these are the details of the original USN : Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By sending an email with malicious JavaScript to an user, and that user enabled JavaScript in Thunderbird (which is not the default and not recommended), this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778) The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious websites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780) Masatoshi Kimura discovered a memory corruption (double-free) when processing a large VCard with invalid base64 characters in it. By sending a maliciously crafted set of VCards to a user, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-40, CVE-2006-2781) Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. ''), these filters might not recognize the tags anymore; however, Thunderbird would still execute them since BOM markers are filtered out before processing a mail containing JavaScript. (MFSA 2006-42, CVE-2006-2783) Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Thunderbird and the proxy server, a malicious HTML email can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened web site. (MFSA 2006-33, CVE-2006-2786) It was discovered that JavaScript run via EvalInSandbox() can escape the sandbox. Malicious scripts received in emails containing JavaScript could use these privileges to execute arbitrary code with the user's privileges. (MFSA 2006-31, CVE-2006-2787). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 27872
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27872
    title Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-297-3)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-323-1.NASL
    description Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-38, CVE-2006-2778) The Mozilla developer team discovered several bugs that lead to crashes with memory corruption. These might be exploitable by malicious websites to execute arbitrary code with the privileges of the user. (MFSA 2006-32, CVE-2006-2779, CVE-2006-2780) Masatoshi Kimura discovered a memory corruption (double-free) when processing a large VCard with invalid base64 characters in it. By sending a maliciously crafted set of VCards to a user, this could potentially be exploited to execute arbitrary code with the user's privileges. (MFSA 2006-40, CVE-2006-2781) Chuck McAuley reported that the fix for CVE-2006-1729 (file stealing by changing input type) was not sufficient to prevent all variants of exploitation. (MFSA 2006-41, CVE-2006-2782) Masatoshi Kimura found a way to bypass web input sanitizers which filter out JavaScript. By inserting 'Unicode Byte-order-Mark (BOM)' characters into the HTML code (e. g. ''), these filters might not recognize the tags anymore; however, Mozilla would still execute them since BOM markers are filtered out before processing the page. (MFSA 2006-42, CVE-2006-2783) Paul Nickerson noticed that the fix for CVE-2005-0752 (JavaScript privilege escalation on the plugins page) was not sufficient to prevent all variants of exploitation. (MFSA 2006-36, CVE-2006-2784) Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose 'View Image' from the context menu then he could get JavaScript to run on a site of the attacker's choosing. This could be used to steal login cookies or other confidential information from the target site. (MFSA 2006-34, CVE-2006-2785) Kazuho Oku discovered various ways to perform HTTP response smuggling when used with certain proxy servers. Due to different interpretation of nonstandard HTTP headers in Mozilla and the proxy server, a malicious website can exploit this to send back two responses to one request. The second response could be used to steal login cookies or other sensitive data from another opened website. (MFSA 2006-33, CVE-2006-2786). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 27901
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27901
    title Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-323-1)
oval via4
accepted 2013-04-29T04:22:45.288-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description fined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
family unix
id oval:org.mitre.oval:def:9849
status accepted
submitted 2010-07-09T03:56:16-04:00
title Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2006:0578
  • rhsa
    id RHSA-2006:0594
  • rhsa
    id RHSA-2006:0609
  • rhsa
    id RHSA-2006:0610
  • rhsa
    id RHSA-2006:0611
refmap via4
bid 18228
bugtraq 20060602 rPSA-2006-0091-1 firefox thunderbird
cert TA06-153A
cert-vn VU#575969
confirm http://www.mozilla.org/security/announce/2006/mfsa2006-37.html
debian
  • DSA-1118
  • DSA-1120
  • DSA-1134
gentoo
  • GLSA-200606-12
  • GLSA-200606-21
hp
  • HPSBUX02153
  • HPSBUX02156
  • SSRT061181
  • SSRT061236
mandriva
  • MDKSA-2006:143
  • MDKSA-2006:145
  • MDKSA-2006:146
sectrack
  • 1016202
  • 1016214
secunia
  • 20376
  • 20382
  • 20561
  • 20709
  • 21134
  • 21176
  • 21178
  • 21183
  • 21188
  • 21210
  • 21269
  • 21270
  • 21324
  • 21336
  • 21532
  • 21607
  • 21631
  • 22065
  • 22066
  • 24108
sunalert 102800
suse SUSE-SA:2006:035
ubuntu
  • USN-296-1
  • USN-296-2
  • USN-297-1
  • USN-297-3
  • USN-323-1
vupen
  • ADV-2006-2106
  • ADV-2006-3748
  • ADV-2006-3749
  • ADV-2007-0573
  • ADV-2008-0083
xf mozilla-contentdefined-code-execution(26848)
Last major update 07-03-2011 - 21:37
Published 02-06-2006 - 14:02
Last modified 18-10-2018 - 12:41
Back to Top