CERTA-2006-AVI-227
Vulnerability from certfr_avis

None

Description

De multiples vulnérabilités présentes dans Mozilla Firefox, Thunderbird et SeaMonkey permettent à un utilisateur mal intentionné de provoquer un déni de service à distance, d'élever ses privilèges localement, de réaliser une attaque de type Cross-Site Scripting ou, enfin, d'exécuter du code arbitraire à distance.

Solution

Les versions 1.5.0.4 de Firefox, 1.5.0.4 de Thunderbird et 1.0.2 de SeaMonkey corrigent le problème :

http://www.mozilla.org/firefox

http://www.mozilla.org/thunderbird

http://www.mozilla.org/seamonkey
None
Impacted products
Vendor Product Description
Mozilla N/A Mozilla SeaMonkey 1.0.1 et antérieures ;
Mozilla Firefox Mozilla Firefox 1.5.0.3 et antérieures ;
Mozilla N/A Mozilla 1.7 pour Sun Solaris OS8, OS9 et OS10.
Mozilla Thunderbird Mozilla Thunderbird 1.5.0.2 et antérieures ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla SeaMonkey 1.0.1 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla Firefox 1.5.0.3 et ant\u00e9rieures ;",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla 1.7 pour Sun Solaris OS8, OS9 et OS10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla Thunderbird 1.5.0.2 et ant\u00e9rieures ;",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Mozilla Firefox, Thunderbird\net SeaMonkey permettent \u00e0 un utilisateur mal intentionn\u00e9 de provoquer un\nd\u00e9ni de service \u00e0 distance, d\u0027\u00e9lever ses privil\u00e8ges localement, de\nr\u00e9aliser une attaque de type Cross-Site Scripting ou, enfin, d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n\n## Solution\n\nLes versions 1.5.0.4 de Firefox, 1.5.0.4 de Thunderbird et 1.0.2 de\nSeaMonkey corrigent le probl\u00e8me :\n\n    http://www.mozilla.org/firefox\n\n    http://www.mozilla.org/thunderbird\n\n    http://www.mozilla.org/seamonkey\n",
  "cves": [
    {
      "name": "CVE-2006-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2783"
    },
    {
      "name": "CVE-2006-2779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2779"
    },
    {
      "name": "CVE-2006-2784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2784"
    },
    {
      "name": "CVE-2006-2778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2778"
    },
    {
      "name": "CVE-2006-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2776"
    },
    {
      "name": "CVE-2006-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2781"
    },
    {
      "name": "CVE-2006-2775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2775"
    },
    {
      "name": "CVE-2006-2780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2780"
    },
    {
      "name": "CVE-2006-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2787"
    }
  ],
  "initial_release_date": "2006-06-02T00:00:00",
  "last_revision_date": "2007-10-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1120 du 23 juillet 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1120"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-297-3 du 26 Juillet 2006 :",
      "url": "http://www.ubuntu.com/usn/usn-297-3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200606-12 du 11 juin 2006    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-34 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-34.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun 102943 du 11 octobre 2007 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-38 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-35 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-35.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-43 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-43.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-42 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-42.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-41 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-41.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1118 du 22 juillet 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1118"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-40 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-40.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-36 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-36.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-33 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-37 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-37.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Redhat RHSA-2006-0610 du 31 juillet    2006 :",
      "url": "http://www.rhn.redhat.com/errata/RHSA-2006-0610.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1134 du 02 aout 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1134"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-32 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-32.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Redhat RHSA-2006-0611 du 31 juillet    2006 :",
      "url": "http://www.rhn.redhat.com/errata/RHSA-2006-0611.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-31 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-31.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-39 :",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html"
    }
  ],
  "reference": "CERTA-2006-AVI-227",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2006-06-02T00:00:00.000000"
    },
    {
      "description": "ajout de SeaMonkey dans la liste des logiciels concern\u00e9s.",
      "revision_date": "2006-06-06T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
      "revision_date": "2006-06-12T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Debian.",
      "revision_date": "2006-07-24T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE et des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Ubuntu.",
      "revision_date": "2006-07-27T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Redhat et Debian.",
      "revision_date": "2006-08-02T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Sun.",
      "revision_date": "2007-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Attaque de type cross-site scripting"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Mozilla du 01 juin 2006",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.