ID CVE-2006-1790
Summary A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 18-10-2018 - 16:36)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2013-04-29T04:12:18.063-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
    family unix
    id oval:org.mitre.oval:def:11202
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
    version 23
  • accepted 2007-03-21T16:16:47.157-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
    family windows
    id oval:org.mitre.oval:def:1266
    status accepted
    submitted 2006-05-07T09:05:00.000-04:00
    title Mozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix)
    version 3
redhat via4
advisories
  • bugzilla
    id 188844
    title CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
    oval
    AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhba:tst:20070304001
    rhsa
    id RHSA-2006:0328
    released 2006-04-14
    severity Critical
    title RHSA-2006:0328: firefox security update (Critical)
  • bugzilla
    id 188810
    title CVE-2006-0748 Table Rebuilding Code Execution Vulnerability
    oval
    OR
    • AND
      comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • AND
      comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    rhsa
    id RHSA-2006:0329
    released 2006-04-18
    severity Critical
    title RHSA-2006:0329: mozilla security update (Critical)
  • bugzilla
    id 189181
    title CVE-2006-0296 XULDocument.persist() RDF data injection
    oval
    AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhba:tst:20070304001
    rhsa
    id RHSA-2006:0330
    released 2006-04-21
    severity Critical
    title RHSA-2006:0330: thunderbird security update (Critical)
refmap via4
bid 17516
confirm
debian
  • DSA-1044
  • DSA-1046
  • DSA-1051
fedora
  • FEDORA-2006-410
  • FEDORA-2006-411
  • FLSA:189137-1
  • FLSA:189137-2
gentoo
  • GLSA-200604-12
  • GLSA-200604-18
  • GLSA-200605-09
hp
  • HPSBUX02122
  • SSRT061158
mandriva
  • MDKSA-2006:075
  • MDKSA-2006:076
sco SCOSA-2006.26
secunia
  • 19631
  • 19714
  • 19721
  • 19729
  • 19746
  • 19759
  • 19780
  • 19794
  • 19811
  • 19852
  • 19862
  • 19863
  • 19902
  • 19941
  • 19950
  • 20051
  • 21033
  • 21622
sgi 20060404-01-U
sunalert
  • 102550
  • 228526
suse SUSE-SA:2006:021
ubuntu
  • USN-271-1
  • USN-275-1
  • USN-276-1
vupen ADV-2006-1356
xf mozilla-installtrigger-memory-corruption(25809)
Last major update 18-10-2018 - 16:36
Published 14-04-2006 - 19:02
Back to Top