var-200609-0414
Vulnerability from variot
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. Apple QuickTime Contains a vulnerability that allows arbitrary commands to be executed. Apple QuickTime Is Windows And Apple OS X Is a media player that supports. Also, Internet Explorer And Safari , Netscape A compatible browser plug-in is also provided. Web The page creator Web In the page QuickTime Movie When incorporating QuickTime link (.qtl) You can specify parameters for starting an application using a file. One of the parameters that can be specified qtnext Is used to specify the location of multimedia files to import and play. this qtnext A vulnerability exists that allows arbitrary commands to be executed using parameters. A verification code using this vulnerability has already been released.User crafted QuickTime Open a file qtl Including files Web By browsing the page, a remote attacker may execute arbitrary commands. Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl). Although this weakness doesn't pose any direct security threat by itself, an attacker may use it to aid in further attacks. QuickTime 7.1.3 is vulnerable; other versions may also be affected.
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, bypass certain security restrictions, manipulate certain data, and compromise a user's system.
For more information: SA20442 SA22048 SA25904 SA26288 SA27311
SOLUTION: Apply updated packages.
x86 Platform:
openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.8-1.1.i586.rpm fcd6aebb85486f2fd1f5f21f6be6f7c5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.8-1.1.i586.rpm c0a5f55e55819330bbaedb1562d3b3ab http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-1.1.5-0.1.i586.rpm e28e54f197e18a1437f7e4e2d61f7716 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-dom-inspector-1.1.5-0.1.i586.rpm 8ce609f4f23e125a3fde4e098c2f8387 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-irc-1.1.5-0.1.i586.rpm fc5ef53403ab657af5f3a03cf0dea515 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-mail-1.1.5-0.1.i586.rpm 84e622b990a471319a6e155fe78c7a71 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-spellchecker-1.1.5-0.1.i586.rpm 5668c7e37f7d3f7ab958659efbf6393f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-venkman-1.1.5-0.1.i586.rpm 7cab38da286e5c6b61eee35253159b2d
openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.8-1.1.i586.rpm 63b9dcf5769346e9fa63cc5bc58cbf2f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.8-1.1.i586.rpm 86c8f71674d54597867bbfef0523f455 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-1.1.5-0.1.i586.rpm 56ae1f2a6d01b66e7b828811baef386f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-dom-inspector-1.1.5-0.1.i586.rpm f90f8b1a40acb84af586070b2b36a3c7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-irc-1.1.5-0.1.i586.rpm b6f30d4a98dd664f531f9c7b0c5361a7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-mail-1.1.5-0.1.i586.rpm 12f05e3f903e3588a33e129ad5afa2ba ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-spellchecker-1.1.5-0.1.i586.rpm 8c5ae9dfe961c2dd22c5858e34f1ddcd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-venkman-1.1.5-0.1.i586.rpm 4b9d7b965de396aba2dae8d44e02d2ed
SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-2.0.0.8-1.2.i586.rpm 0c79e6ed846f58ee38f2195899700783 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-translations-2.0.0.8-1.2.i586.rpm 2b1f78a24b7c604e491f874b4ee010eb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-1.0.9-1.5.i586.rpm 136302b1383bfa10e6963ac51c487156 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-calendar-1.0.9-1.5.i586.rpm e1cb5dd0e2f58ddfcf1e6aeba8188f2c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-dom-inspector-1.0.9-1.5.i586.rpm 540c5555216bbfb8e083cadacf97cd56 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-irc-1.0.9-1.5.i586.rpm 0289839942737ac0942dd2a9f5eefe9b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-mail-1.0.9-1.5.i586.rpm 0795a2047ccf35a566480a9b66de3b95 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-spellchecker-1.0.9-1.5.i586.rpm e85070685e2a7306c942880786261678 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-venkman-1.0.9-1.5.i586.rpm 29dba3d7132a130c2a7fe454556ed8a9
SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-2.0.0.8-1.1.i586.rpm b443c59893edc2831856b44cb45d6818 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-translations-2.0.0.8-1.1.i586.rpm ed267848820945045e32a853fee275d9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-1.8_seamonkey_1.0.9-2.7.i586.rpm 66fce2adb0f9afae473ef0fe95dced71 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-calendar-1.8_seamonkey_1.0.9-2.7.i586.rpm 2bd9fd5b7441f14d102f67b7dfd59ba9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-devel-1.8_seamonkey_1.0.9-2.7.i586.rpm d9f3f1505fcfb25af2980ac738ede92e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-dom-inspector-1.8_seamonkey_1.0.9-2.7.i586.rpm 60e214cfb4c3a4786e2cd1a3238c5aeb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-irc-1.8_seamonkey_1.0.9-2.7.i586.rpm c17c89b837b176c532dd4df5d5fe208c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-ko-1.75-3.5.i586.rpm d4175069e22129dc9355d7db0492f250 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-mail-1.8_seamonkey_1.0.9-2.7.i586.rpm 98a94679da3e405c7ed1ff7ae9405224 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-spellchecker-1.8_seamonkey_1.0.9-2.7.i586.rpm 2c6a412a94f5912907b0c6bcd07124e5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-venkman-1.8_seamonkey_1.0.9-2.7.i586.rpm f4f5da1e91972d8d188757389dcb5057 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-CN-1.7-6.5.i586.rpm 5fb2bf8cb496278cc3311c6db64551ff ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-TW-1.7-6.5.i586.rpm 39e86845e27e9923476a8cde8da90eff
Power PC Platform:
openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/MozillaFirefox-2.0.0.8-1.1.ppc.rpm 9c9ac689cc29aae1488c7ad7b92d0bdd http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/MozillaFirefox-translations-2.0.0.8-1.1.ppc.rpm 21e9f77bbb3c20814137327f6eaee9f9 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-1.1.5-0.1.ppc.rpm cc32112a9f89abba812147e40d0255d0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-dom-inspector-1.1.5-0.1.ppc.rpm 2c925817e2a4c98463cb9c09237a6cb5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-irc-1.1.5-0.1.ppc.rpm facd6df5c71d962063177fc348bb767f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-mail-1.1.5-0.1.ppc.rpm 03df79f55ac1616296b7e0742013e8ad http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-spellchecker-1.1.5-0.1.ppc.rpm f06ae78053dd6cf62454fd1f39123633 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-venkman-1.1.5-0.1.ppc.rpm c478ed242f3224ff7fe30d77967e7bee
openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-2.0.0.8-1.1.ppc.rpm 6cc2e85621a7f5bd5e4b7d079cf7205b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-translations-2.0.0.8-1.1.ppc.rpm f34326ed73827774922995a0091ea4c4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-1.1.5-0.1.ppc.rpm f82ae91873004c2aca4a6886df913ac7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-dom-inspector-1.1.5-0.1.ppc.rpm 5e54828377b091f9630628f5b1f22312 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-irc-1.1.5-0.1.ppc.rpm f6fee9249b8b8ed0169f45a31845e54d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-mail-1.1.5-0.1.ppc.rpm 0bb3655011a19a1b5c8e20a275151eaa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-spellchecker-1.1.5-0.1.ppc.rpm 06d93fdc67ea905637258c00a69f0a6d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-venkman-1.1.5-0.1.ppc.rpm fdab90f20d0e9603cdde5ae40c59ec78
SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-2.0.0.8-1.2.ppc.rpm 04972567fc2d1b3c9a1cd48de0a6a719 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-translations-2.0.0.8-1.2.ppc.rpm b221dcecab11e53206be8d2b68af2897 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-1.0.9-1.5.ppc.rpm 4ebcb7702a69f0296fec491e8e06eb8f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-calendar-1.0.9-1.5.ppc.rpm bd1952ecd073cf8431f2444a3e4d4645 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-dom-inspector-1.0.9-1.5.ppc.rpm d3b6f079dd977541fb12b3c931581e49 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-irc-1.0.9-1.5.ppc.rpm 82c041d37045a1eb1faba6a0b793d29b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-mail-1.0.9-1.5.ppc.rpm 66c77272f5d36f3b7338afc5b4c7f5a8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-spellchecker-1.0.9-1.5.ppc.rpm 2754235ca272e2f471d23dfe298b976c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-venkman-1.0.9-1.5.ppc.rpm 4cb01eb812c293bfadaf636d91ba2f6b
SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-2.0.0.8-1.1.ppc.rpm 53176a31ec82d1433b9c85bdb5e4d55d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-translations-2.0.0.8-1.1.ppc.rpm 73cd0d20c927925d0c5fb8313e8e7761 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-1.8_seamonkey_1.0.9-2.7.ppc.rpm f2f91a58e1141ef80c23528aca6ea4f7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-calendar-1.8_seamonkey_1.0.9-2.7.ppc.rpm 9d48e1cc4486f0456c85a286acdfdd2f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-devel-1.8_seamonkey_1.0.9-2.7.ppc.rpm 6ce5464cbf1d814d79f3572735668bc3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-dom-inspector-1.8_seamonkey_1.0.9-2.7.ppc.rpm dba8224a3018683fb25ef153f5c9216f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-irc-1.8_seamonkey_1.0.9-2.7.ppc.rpm d3a6233e9be5b73a13c77116b9be6659 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-ko-1.75-3.5.ppc.rpm 6aec834bdb366e4132c14186a8af7a5e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-mail-1.8_seamonkey_1.0.9-2.7.ppc.rpm 74db865b27ddf466507a9f53927977f2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-spellchecker-1.8_seamonkey_1.0.9-2.7.ppc.rpm 863dfd26f01216c2a355d8a6873509a8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-venkman-1.8_seamonkey_1.0.9-2.7.ppc.rpm 6655b800453b4352a7f0767fbdc16c99 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-CN-1.7-6.5.ppc.rpm 3b1227b6646d573e0b36667cdbf8b431 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-TW-1.7-6.5.ppc.rpm ea3f2ec400ef34feb6181584dd2df51f
x86-64 Platform:
openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/MozillaFirefox-2.0.0.8-1.1.x86_64.rpm 286bc8449e069e29d0185180ae9af95a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/MozillaFirefox-translations-2.0.0.8-1.1.x86_64.rpm 423752fd83adb06750f5463ef86c4b94 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-1.1.5-0.1.x86_64.rpm 535f222a51cf9b2b02b87d1e4662e562 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-dom-inspector-1.1.5-0.1.x86_64.rpm 3e04002a25b7bb9fe4a4219e3a7fd177 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-irc-1.1.5-0.1.x86_64.rpm 21936c9d7ca8a79e825608ff8ed6e87f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-mail-1.1.5-0.1.x86_64.rpm f555ef7f3ff24402f806eda5abc0750f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-spellchecker-1.1.5-0.1.x86_64.rpm c2843979e9fa2e847e48e39b1561fc90 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-venkman-1.1.5-0.1.x86_64.rpm 248795e918196b3b6dd0b74e32747ea2
openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-2.0.0.8-1.1.x86_64.rpm 6feaf265388a8e0d74f56d0b339c1b7b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-translations-2.0.0.8-1.1.x86_64.rpm cc00f89ee535e0ead4036646b4a5b8aa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-1.1.5-0.1.x86_64.rpm 8791bfe757b4397d347be1e85be8c92d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-dom-inspector-1.1.5-0.1.x86_64.rpm 301c934989919c637aa6585c9b93ddaa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-irc-1.1.5-0.1.x86_64.rpm 8391c2b342d00def8fec429bed80597c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-mail-1.1.5-0.1.x86_64.rpm 56679451877bd2819907849119cae823 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-spellchecker-1.1.5-0.1.x86_64.rpm 126d4df4e4cfe9e727572fc3ea29cf6f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-venkman-1.1.5-0.1.x86_64.rpm 4f93cb97a2eb9e27b28356cd22acc358
SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-1.0.9-1.5.x86_64.rpm b1b6e0fb86137856bcb99f9eadc8b311 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-calendar-1.0.9-1.5.x86_64.rpm 9022c6152510f336e4a2dfea4be2d2fa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-dom-inspector-1.0.9-1.5.x86_64.rpm 8369f700d85a46e6cac2a144c0b83eba ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-irc-1.0.9-1.5.x86_64.rpm b9996f34dcd09395e11dfe7978136a46 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-mail-1.0.9-1.5.x86_64.rpm 76404dc283e649d15d12cae9c20479e2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-spellchecker-1.0.9-1.5.x86_64.rpm 7822779669eedc3a963cc073339b7ad7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-venkman-1.0.9-1.5.x86_64.rpm 900c48a2079694f4163efa8e868846a4
SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-1.8_seamonkey_1.0.9-2.7.x86_64.rpm c6e7c2fb0c20d62384a5705882980246 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-calendar-1.8_seamonkey_1.0.9-2.7.x86_64.rpm 100a0e68b16325739f04e37112174ef5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-devel-1.8_seamonkey_1.0.9-2.7.x86_64.rpm 1f2f19a68a3bc76920f1acdc1b57f64d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-dom-inspector-1.8_seamonkey_1.0.9-2.7.x86_64.rpm a37b87151167c84a2879fa21171f6869 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-irc-1.8_seamonkey_1.0.9-2.7.x86_64.rpm 27bdbef4228a6e38f043fb62d098d6ca ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-ko-1.75-3.5.x86_64.rpm 0329e13cf39f6b049b0eb6d77e0a5d3e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-mail-1.8_seamonkey_1.0.9-2.7.x86_64.rpm bea94ac34f30deba19495135d401057f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-spellchecker-1.8_seamonkey_1.0.9-2.7.x86_64.rpm cbf92cb5ba4e9c8f8c759211dd98abb5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-venkman-1.8_seamonkey_1.0.9-2.7.x86_64.rpm 58366db4cf007ece188dc0b684653f43 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-CN-1.7-6.5.x86_64.rpm ff54d8d75657211b988c5f066290da47 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-TW-1.7-6.5.x86_64.rpm 991b44d1019e1691a226f4c4c34d01e7
Sources:
openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/MozillaFirefox-2.0.0.8-1.1.src.rpm 504257c7bb91d92c8c57f1d19a744885 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/seamonkey-1.1.5-0.1.src.rpm 3084f6f2578a126f4fc2ee09c4e99956
openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaFirefox-2.0.0.8-1.1.src.rpm ec010caa558bf186407aa6c01a0c86b9 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/seamonkey-1.1.5-0.1.src.rpm 08b9664a84a9cd3e230fc548d1f700fa
SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/seamonkey-1.0.9-1.5.src.rpm da54807f0d499f28af2cb1618eead8e0
SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/MozillaFirefox-2.0.0.8-1.1.src.rpm 1fda55bec5840d4665ad497c29f1a607 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-1.8_seamonkey_1.0.9-2.7.src.rpm f259a9c634aa3b2a14f8896ce0d34f76 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-ko-1.75-3.5.src.rpm e7ecbfb4143f47767e179a1f2d9e7c94 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-CN-1.7-6.5.src.rpm a5096f53ac8f021e43fb0268c7d33839 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-TW-1.7-6.5.src.rpm 6871a8338eb79ad9b0c7f61a53429cef
Open Enterprise Server http://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.html
Novell Linux POS 9 http://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.html
SUSE SLES 9 http://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.html
UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html
SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html
SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html
SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html
SuSE Linux School Server http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html
SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html
Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.html http://support.novell.com/techcenter/psdb/94e7e87449ed25841acaf9b535567347.html
SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
ORIGINAL ADVISORY: http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
OTHER REFERENCES: SA20442: http://secunia.com/advisories/20442/
SA22048: http://secunia.com/advisories/22048/
SA25904: http://secunia.com/advisories/25904/
SA26288: http://secunia.com/advisories/26288/
SA27311: http://secunia.com/advisories/27311/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. via applications invoking Firefox with unfiltered command line arguments.
This is related to: SA22048 SA25984
The security issue affects Firefox prior to version 2.0.0.7.
SOLUTION: Update to version 2.0.0.7.
NOTE: Support for Firefox 1.5.0.x has ended June 2007. The vendor encourages users to upgrade to Firefox 2.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.
The vulnerability is caused due to an input validation error within the handling of system default URIs with registered URI handlers (e.g. "mailto", "news", "nntp", "snews", "telnet"). using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g. ".bat", ".cmd")
Examples: mailto:test%../../../../windows/system32/calc.exe".cmd nntp:../../../../../Windows/system32/telnet.exe" "secunia.com 80%.bat
Successful exploitation requires that Internet Explorer 7 is installed on the system.
The vulnerability is confirmed on a fully patched Windows XP SP2 and Windows Server 2003 SP2 system using Firefox version 2.0.0.5 and Netscape Navigator version 9.0b2.
SOLUTION: Do not browse untrusted websites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY: Vulnerability discovered by: * Billy (BK) Rios
Firefox not escaping quotes originally discussed by: * Jesper Johansson
Additional research by Secunia Research.
ORIGINAL ADVISORY: Billy (BK) Rios: http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/
OTHER REFERENCES: US-CERT VU#783400: http://www.kb.cert.org/vuls/id/783400
Jesper Johansson blog: http://msinfluentials.com/blogs/jesper/archive/2007/07/20/hey-mozilla-quotes-are-not-legal-in-a-url.aspx
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-297B
Adobe Updates for Microsoft Windows URI Vulnerability
Original release date: October 24, 2007 Last revised: -- Source: US-CERT
Systems Affected
Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products: * Adobe Reader 8.1 and earlier * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier * Adobe Reader 7.0.9 and earlier * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier
Overview
Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.
I. Description
Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server 2003 changes the way Windows handles Uniform Resource Identifiers (URIs). This change has introduced a flaw that can cause Windows to incorrectly determine the appropriate handler for the protocol specified in a URI. More information about this vulnerability is available in US-CERT Vulnerability Note VU#403150.
Public reports indicate that this vulnerability is being actively exploited with malicious PDF files. Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability.
II.
III. Solution
Apply an update
Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. These Adobe products handle URIs in a way that mitigates the vulnerability in Microsoft Windows.
Disable the mailto: URI in Adobe Reader and Adobe Acrobat
If you are unable to install an updated version of the software, this vulnerability can be mitigated by disabling the mailto: URI handler in Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin APSB07-18 for details.
Appendix A. Vendor Information
Adobe
For information about updating affected Adobe products, see Adobe Security Bulletin APSB07-18.
Appendix B. References
* Adobe Security Bulletin APSB07-18 -
<http://www.adobe.com/support/security/bulletins/apsb07-18.htm>
* Microsoft Security Advisory (943521) -
<http://www.microsoft.com/technet/security/advisory/943521.mspx>
* US-CERT Vulnerability Note VU#403150 -
<http://www.kb.cert.org/vuls/id/403150>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-297B.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-297B Feedback VU#403150" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
October 24, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H 3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ lKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s VNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57 4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI LazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ== =PgB9 -----END PGP SIGNATURE----- .
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Internet web sites are normally not allowed to link to local resources
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0414",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "mozilla",
"version": null
},
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adobe",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "firefox",
"scope": "lte",
"trust": 0.8,
"vendor": "mozilla",
"version": "2.0.0.6"
},
{
"model": "seamonkey",
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "quicktime",
"scope": "lte",
"trust": 0.8,
"vendor": "apple",
"version": "7.x"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.3"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "unitedlinux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "suse linux standard server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "suse linux school server for i386",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "suse linux retail solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "suse linux openexchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86-64"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86-64"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "hat fedora core6",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "netscape",
"version": "8.1.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.2"
},
{
"model": "firefox rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "firefox rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.01"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "quicktime plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "navigator",
"scope": "ne",
"trust": 0.3,
"vendor": "netscape",
"version": "9.0"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.7"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#751808"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "BID",
"id": "20138"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000686"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-423"
},
{
"db": "NVD",
"id": "CVE-2006-4965"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mozilla:firefox",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:seamonkey",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000686"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "pdp of gnucitizen.org is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "20138"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-423"
}
],
"trust": 0.9
},
"cve": "CVE-2006-4965",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-4965",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-21073",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-4965",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#751808",
"trust": 0.8,
"value": "35.11"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#403150",
"trust": 0.8,
"value": "18.43"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#783400",
"trust": 0.8,
"value": "25.52"
},
{
"author": "NVD",
"id": "CVE-2006-4965",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-423",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-21073",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#751808"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-21073"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000686"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-423"
},
{
"db": "NVD",
"id": "CVE-2006-4965"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. Apple QuickTime Contains a vulnerability that allows arbitrary commands to be executed. Apple QuickTime Is Windows And Apple OS X Is a media player that supports. Also, Internet Explorer And Safari , Netscape A compatible browser plug-in is also provided. Web The page creator Web In the page QuickTime Movie When incorporating QuickTime link (.qtl) You can specify parameters for starting an application using a file. One of the parameters that can be specified qtnext Is used to specify the location of multimedia files to import and play. this qtnext A vulnerability exists that allows arbitrary commands to be executed using parameters. A verification code using this vulnerability has already been released.User crafted QuickTime Open a file qtl Including files Web By browsing the page, a remote attacker may execute arbitrary commands. Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl). Although this weakness doesn\u0027t pose any direct security threat by itself, an attacker may use it to aid in further attacks. \nQuickTime 7.1.3 is vulnerable; other versions may also be affected. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \nThis fixes a weakness and some vulnerabilities, which can be exploited\nby malicious people to disclose sensitive information, conduct\nphishing attacks, bypass certain security restrictions, manipulate\ncertain data, and compromise a user\u0027s system. \n\nFor more information:\nSA20442\nSA22048\nSA25904\nSA26288\nSA27311\n\nSOLUTION:\nApply updated packages. \n\nx86 Platform:\n\nopenSUSE 10.3:\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-2.0.0.8-1.1.i586.rpm\nfcd6aebb85486f2fd1f5f21f6be6f7c5\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFirefox-translations-2.0.0.8-1.1.i586.rpm\nc0a5f55e55819330bbaedb1562d3b3ab\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-1.1.5-0.1.i586.rpm\ne28e54f197e18a1437f7e4e2d61f7716\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-dom-inspector-1.1.5-0.1.i586.rpm\n8ce609f4f23e125a3fde4e098c2f8387\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-irc-1.1.5-0.1.i586.rpm\nfc5ef53403ab657af5f3a03cf0dea515\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-mail-1.1.5-0.1.i586.rpm\n84e622b990a471319a6e155fe78c7a71\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-spellchecker-1.1.5-0.1.i586.rpm\n5668c7e37f7d3f7ab958659efbf6393f\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-venkman-1.1.5-0.1.i586.rpm\n7cab38da286e5c6b61eee35253159b2d\n\nopenSUSE 10.2:\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.8-1.1.i586.rpm\n63b9dcf5769346e9fa63cc5bc58cbf2f\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translations-2.0.0.8-1.1.i586.rpm\n86c8f71674d54597867bbfef0523f455\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-1.1.5-0.1.i586.rpm\n56ae1f2a6d01b66e7b828811baef386f\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-dom-inspector-1.1.5-0.1.i586.rpm\nf90f8b1a40acb84af586070b2b36a3c7\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-irc-1.1.5-0.1.i586.rpm\nb6f30d4a98dd664f531f9c7b0c5361a7\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-mail-1.1.5-0.1.i586.rpm\n12f05e3f903e3588a33e129ad5afa2ba\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-spellchecker-1.1.5-0.1.i586.rpm\n8c5ae9dfe961c2dd22c5858e34f1ddcd\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-venkman-1.1.5-0.1.i586.rpm\n4b9d7b965de396aba2dae8d44e02d2ed\n\nSUSE LINUX 10.1:\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-2.0.0.8-1.2.i586.rpm\n0c79e6ed846f58ee38f2195899700783\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-translations-2.0.0.8-1.2.i586.rpm\n2b1f78a24b7c604e491f874b4ee010eb\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-1.0.9-1.5.i586.rpm\n136302b1383bfa10e6963ac51c487156\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-calendar-1.0.9-1.5.i586.rpm\ne1cb5dd0e2f58ddfcf1e6aeba8188f2c\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-dom-inspector-1.0.9-1.5.i586.rpm\n540c5555216bbfb8e083cadacf97cd56\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-irc-1.0.9-1.5.i586.rpm\n0289839942737ac0942dd2a9f5eefe9b\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-mail-1.0.9-1.5.i586.rpm\n0795a2047ccf35a566480a9b66de3b95\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-spellchecker-1.0.9-1.5.i586.rpm\ne85070685e2a7306c942880786261678\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-venkman-1.0.9-1.5.i586.rpm\n29dba3d7132a130c2a7fe454556ed8a9\n\nSUSE LINUX 10.0:\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-2.0.0.8-1.1.i586.rpm\nb443c59893edc2831856b44cb45d6818\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-translations-2.0.0.8-1.1.i586.rpm\ned267848820945045e32a853fee275d9\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-1.8_seamonkey_1.0.9-2.7.i586.rpm\n66fce2adb0f9afae473ef0fe95dced71\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-calendar-1.8_seamonkey_1.0.9-2.7.i586.rpm\n2bd9fd5b7441f14d102f67b7dfd59ba9\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-devel-1.8_seamonkey_1.0.9-2.7.i586.rpm\nd9f3f1505fcfb25af2980ac738ede92e\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-dom-inspector-1.8_seamonkey_1.0.9-2.7.i586.rpm\n60e214cfb4c3a4786e2cd1a3238c5aeb\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-irc-1.8_seamonkey_1.0.9-2.7.i586.rpm\nc17c89b837b176c532dd4df5d5fe208c\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-ko-1.75-3.5.i586.rpm\nd4175069e22129dc9355d7db0492f250\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-mail-1.8_seamonkey_1.0.9-2.7.i586.rpm\n98a94679da3e405c7ed1ff7ae9405224\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-spellchecker-1.8_seamonkey_1.0.9-2.7.i586.rpm\n2c6a412a94f5912907b0c6bcd07124e5\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-venkman-1.8_seamonkey_1.0.9-2.7.i586.rpm\nf4f5da1e91972d8d188757389dcb5057\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-CN-1.7-6.5.i586.rpm\n5fb2bf8cb496278cc3311c6db64551ff\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-TW-1.7-6.5.i586.rpm\n39e86845e27e9923476a8cde8da90eff\n\nPower PC Platform:\n\nopenSUSE 10.3:\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/MozillaFirefox-2.0.0.8-1.1.ppc.rpm\n9c9ac689cc29aae1488c7ad7b92d0bdd\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/MozillaFirefox-translations-2.0.0.8-1.1.ppc.rpm\n21e9f77bbb3c20814137327f6eaee9f9\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-1.1.5-0.1.ppc.rpm\ncc32112a9f89abba812147e40d0255d0\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-dom-inspector-1.1.5-0.1.ppc.rpm\n2c925817e2a4c98463cb9c09237a6cb5\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-irc-1.1.5-0.1.ppc.rpm\nfacd6df5c71d962063177fc348bb767f\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-mail-1.1.5-0.1.ppc.rpm\n03df79f55ac1616296b7e0742013e8ad\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-spellchecker-1.1.5-0.1.ppc.rpm\nf06ae78053dd6cf62454fd1f39123633\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-venkman-1.1.5-0.1.ppc.rpm\nc478ed242f3224ff7fe30d77967e7bee\n\nopenSUSE 10.2:\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-2.0.0.8-1.1.ppc.rpm\n6cc2e85621a7f5bd5e4b7d079cf7205b\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-translations-2.0.0.8-1.1.ppc.rpm\nf34326ed73827774922995a0091ea4c4\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-1.1.5-0.1.ppc.rpm\nf82ae91873004c2aca4a6886df913ac7\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-dom-inspector-1.1.5-0.1.ppc.rpm\n5e54828377b091f9630628f5b1f22312\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-irc-1.1.5-0.1.ppc.rpm\nf6fee9249b8b8ed0169f45a31845e54d\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-mail-1.1.5-0.1.ppc.rpm\n0bb3655011a19a1b5c8e20a275151eaa\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-spellchecker-1.1.5-0.1.ppc.rpm\n06d93fdc67ea905637258c00a69f0a6d\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-venkman-1.1.5-0.1.ppc.rpm\nfdab90f20d0e9603cdde5ae40c59ec78\n\nSUSE LINUX 10.1:\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-2.0.0.8-1.2.ppc.rpm\n04972567fc2d1b3c9a1cd48de0a6a719\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-translations-2.0.0.8-1.2.ppc.rpm\nb221dcecab11e53206be8d2b68af2897\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-1.0.9-1.5.ppc.rpm\n4ebcb7702a69f0296fec491e8e06eb8f\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-calendar-1.0.9-1.5.ppc.rpm\nbd1952ecd073cf8431f2444a3e4d4645\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-dom-inspector-1.0.9-1.5.ppc.rpm\nd3b6f079dd977541fb12b3c931581e49\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-irc-1.0.9-1.5.ppc.rpm\n82c041d37045a1eb1faba6a0b793d29b\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-mail-1.0.9-1.5.ppc.rpm\n66c77272f5d36f3b7338afc5b4c7f5a8\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-spellchecker-1.0.9-1.5.ppc.rpm\n2754235ca272e2f471d23dfe298b976c\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-venkman-1.0.9-1.5.ppc.rpm\n4cb01eb812c293bfadaf636d91ba2f6b\n\nSUSE LINUX 10.0:\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-2.0.0.8-1.1.ppc.rpm\n53176a31ec82d1433b9c85bdb5e4d55d\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-translations-2.0.0.8-1.1.ppc.rpm\n73cd0d20c927925d0c5fb8313e8e7761\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-1.8_seamonkey_1.0.9-2.7.ppc.rpm\nf2f91a58e1141ef80c23528aca6ea4f7\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-calendar-1.8_seamonkey_1.0.9-2.7.ppc.rpm\n9d48e1cc4486f0456c85a286acdfdd2f\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-devel-1.8_seamonkey_1.0.9-2.7.ppc.rpm\n6ce5464cbf1d814d79f3572735668bc3\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-dom-inspector-1.8_seamonkey_1.0.9-2.7.ppc.rpm\ndba8224a3018683fb25ef153f5c9216f\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-irc-1.8_seamonkey_1.0.9-2.7.ppc.rpm\nd3a6233e9be5b73a13c77116b9be6659\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-ko-1.75-3.5.ppc.rpm\n6aec834bdb366e4132c14186a8af7a5e\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-mail-1.8_seamonkey_1.0.9-2.7.ppc.rpm\n74db865b27ddf466507a9f53927977f2\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-spellchecker-1.8_seamonkey_1.0.9-2.7.ppc.rpm\n863dfd26f01216c2a355d8a6873509a8\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-venkman-1.8_seamonkey_1.0.9-2.7.ppc.rpm\n6655b800453b4352a7f0767fbdc16c99\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-CN-1.7-6.5.ppc.rpm\n3b1227b6646d573e0b36667cdbf8b431\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-TW-1.7-6.5.ppc.rpm\nea3f2ec400ef34feb6181584dd2df51f\n\nx86-64 Platform:\n\nopenSUSE 10.3:\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/MozillaFirefox-2.0.0.8-1.1.x86_64.rpm\n286bc8449e069e29d0185180ae9af95a\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/MozillaFirefox-translations-2.0.0.8-1.1.x86_64.rpm\n423752fd83adb06750f5463ef86c4b94\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-1.1.5-0.1.x86_64.rpm\n535f222a51cf9b2b02b87d1e4662e562\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-dom-inspector-1.1.5-0.1.x86_64.rpm\n3e04002a25b7bb9fe4a4219e3a7fd177\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-irc-1.1.5-0.1.x86_64.rpm\n21936c9d7ca8a79e825608ff8ed6e87f\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-mail-1.1.5-0.1.x86_64.rpm\nf555ef7f3ff24402f806eda5abc0750f\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-spellchecker-1.1.5-0.1.x86_64.rpm\nc2843979e9fa2e847e48e39b1561fc90\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-venkman-1.1.5-0.1.x86_64.rpm\n248795e918196b3b6dd0b74e32747ea2\n\nopenSUSE 10.2:\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-2.0.0.8-1.1.x86_64.rpm\n6feaf265388a8e0d74f56d0b339c1b7b\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-translations-2.0.0.8-1.1.x86_64.rpm\ncc00f89ee535e0ead4036646b4a5b8aa\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-1.1.5-0.1.x86_64.rpm\n8791bfe757b4397d347be1e85be8c92d\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-dom-inspector-1.1.5-0.1.x86_64.rpm\n301c934989919c637aa6585c9b93ddaa\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-irc-1.1.5-0.1.x86_64.rpm\n8391c2b342d00def8fec429bed80597c\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-mail-1.1.5-0.1.x86_64.rpm\n56679451877bd2819907849119cae823\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-spellchecker-1.1.5-0.1.x86_64.rpm\n126d4df4e4cfe9e727572fc3ea29cf6f\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-venkman-1.1.5-0.1.x86_64.rpm\n4f93cb97a2eb9e27b28356cd22acc358\n\nSUSE LINUX 10.1:\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-1.0.9-1.5.x86_64.rpm\nb1b6e0fb86137856bcb99f9eadc8b311\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-calendar-1.0.9-1.5.x86_64.rpm\n9022c6152510f336e4a2dfea4be2d2fa\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-dom-inspector-1.0.9-1.5.x86_64.rpm\n8369f700d85a46e6cac2a144c0b83eba\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-irc-1.0.9-1.5.x86_64.rpm\nb9996f34dcd09395e11dfe7978136a46\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-mail-1.0.9-1.5.x86_64.rpm\n76404dc283e649d15d12cae9c20479e2\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-spellchecker-1.0.9-1.5.x86_64.rpm\n7822779669eedc3a963cc073339b7ad7\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-venkman-1.0.9-1.5.x86_64.rpm\n900c48a2079694f4163efa8e868846a4\n\nSUSE LINUX 10.0:\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-1.8_seamonkey_1.0.9-2.7.x86_64.rpm\nc6e7c2fb0c20d62384a5705882980246\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-calendar-1.8_seamonkey_1.0.9-2.7.x86_64.rpm\n100a0e68b16325739f04e37112174ef5\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-devel-1.8_seamonkey_1.0.9-2.7.x86_64.rpm\n1f2f19a68a3bc76920f1acdc1b57f64d\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-dom-inspector-1.8_seamonkey_1.0.9-2.7.x86_64.rpm\na37b87151167c84a2879fa21171f6869\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-irc-1.8_seamonkey_1.0.9-2.7.x86_64.rpm\n27bdbef4228a6e38f043fb62d098d6ca\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-ko-1.75-3.5.x86_64.rpm\n0329e13cf39f6b049b0eb6d77e0a5d3e\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-mail-1.8_seamonkey_1.0.9-2.7.x86_64.rpm\nbea94ac34f30deba19495135d401057f\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-spellchecker-1.8_seamonkey_1.0.9-2.7.x86_64.rpm\ncbf92cb5ba4e9c8f8c759211dd98abb5\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-venkman-1.8_seamonkey_1.0.9-2.7.x86_64.rpm\n58366db4cf007ece188dc0b684653f43\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-CN-1.7-6.5.x86_64.rpm\nff54d8d75657211b988c5f066290da47\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-TW-1.7-6.5.x86_64.rpm\n991b44d1019e1691a226f4c4c34d01e7\n\nSources:\n\nopenSUSE 10.3:\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/MozillaFirefox-2.0.0.8-1.1.src.rpm\n504257c7bb91d92c8c57f1d19a744885\nhttp://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/seamonkey-1.1.5-0.1.src.rpm\n3084f6f2578a126f4fc2ee09c4e99956\n\nopenSUSE 10.2:\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaFirefox-2.0.0.8-1.1.src.rpm\nec010caa558bf186407aa6c01a0c86b9\nftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/seamonkey-1.1.5-0.1.src.rpm\n08b9664a84a9cd3e230fc548d1f700fa\n\nSUSE LINUX 10.1:\nftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/seamonkey-1.0.9-1.5.src.rpm\nda54807f0d499f28af2cb1618eead8e0\n\nSUSE LINUX 10.0:\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/MozillaFirefox-2.0.0.8-1.1.src.rpm\n1fda55bec5840d4665ad497c29f1a607\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-1.8_seamonkey_1.0.9-2.7.src.rpm\nf259a9c634aa3b2a14f8896ce0d34f76\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-ko-1.75-3.5.src.rpm\ne7ecbfb4143f47767e179a1f2d9e7c94\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-CN-1.7-6.5.src.rpm\na5096f53ac8f021e43fb0268c7d33839\nftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-TW-1.7-6.5.src.rpm\n6871a8338eb79ad9b0c7f61a53429cef\n\nOpen Enterprise Server\nhttp://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.html\n\nNovell Linux POS 9\nhttp://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.html\n\nSUSE SLES 9\nhttp://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.html\n\nUnitedLinux 1.0\nhttp://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html\n\nSuSE Linux Openexchange Server 4\nhttp://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html\n\nSuSE Linux Enterprise Server 8\nhttp://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html\n\nSuSE Linux Standard Server 8\nhttp://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html\n\nSuSE Linux School Server\nhttp://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html\n\nSUSE LINUX Retail Solution 8\nhttp://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html\n\nNovell Linux Desktop 9\nhttp://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.html\nhttp://support.novell.com/techcenter/psdb/94e7e87449ed25841acaf9b535567347.html\n\nSUSE Linux Enterprise Server 10 SP1\nhttp://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html\n\nSUSE Linux Enterprise Desktop 10 SP1\nhttp://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html\n\nORIGINAL ADVISORY:\nhttp://www.novell.com/linux/security/advisories/2007_57_mozilla.html\n\nOTHER REFERENCES:\nSA20442:\nhttp://secunia.com/advisories/20442/\n\nSA22048:\nhttp://secunia.com/advisories/22048/\n\nSA25904:\nhttp://secunia.com/advisories/25904/\n\nSA26288:\nhttp://secunia.com/advisories/26288/\n\nSA27311:\nhttp://secunia.com/advisories/27311/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \nvia applications invoking Firefox with unfiltered command line\narguments. \n\nThis is related to:\nSA22048\nSA25984\n\nThe security issue affects Firefox prior to version 2.0.0.7. \n\nSOLUTION:\nUpdate to version 2.0.0.7. \n\nNOTE: Support for Firefox 1.5.0.x has ended June 2007. The vendor\nencourages users to upgrade to Firefox 2. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\nThe vulnerability is caused due to an input validation error within\nthe handling of system default URIs with registered URI handlers\n(e.g. \"mailto\", \"news\", \"nntp\", \"snews\", \"telnet\"). using\nFirefox visits a malicious website with a specially crafted \"mailto\"\nURI containing a \"%\" character and ends in a certain extension (e.g. \n\".bat\", \".cmd\")\n\nExamples:\nmailto:test%../../../../windows/system32/calc.exe\".cmd\nnntp:../../../../../Windows/system32/telnet.exe\" \"secunia.com\n80%.bat\n\nSuccessful exploitation requires that Internet Explorer 7 is\ninstalled on the system. \n\nThe vulnerability is confirmed on a fully patched Windows XP SP2 and\nWindows Server 2003 SP2 system using Firefox version 2.0.0.5 and\nNetscape Navigator version 9.0b2. \n\nSOLUTION:\nDo not browse untrusted websites or follow untrusted links. \n\nPROVIDED AND/OR DISCOVERED BY:\nVulnerability discovered by:\n* Billy (BK) Rios\n\nFirefox not escaping quotes originally discussed by:\n* Jesper Johansson\n\nAdditional research by Secunia Research. \n\nORIGINAL ADVISORY:\nBilly (BK) Rios:\nhttp://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/\n\nOTHER REFERENCES:\nUS-CERT VU#783400:\nhttp://www.kb.cert.org/vuls/id/783400\n\nJesper Johansson blog:\nhttp://msinfluentials.com/blogs/jesper/archive/2007/07/20/hey-mozilla-quotes-are-not-legal-in-a-url.aspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\tNational Cyber Alert System\n Technical Cyber Security Alert TA07-297B\n\n\nAdobe Updates for Microsoft Windows URI Vulnerability\n\n Original release date: October 24, 2007\n Last revised: --\n Source: US-CERT\n\nSystems Affected\n\n Microsoft Windows XP and Windows Server 2003 systems with Internet\n Explorer 7 and any of the following Adobe products:\n * Adobe Reader 8.1 and earlier\n * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier\n * Adobe Reader 7.0.9 and earlier\n * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and\n earlier\n\nOverview\n\n Adobe has released updates for the Adobe Reader and Adobe Acrobat\n product families. The update addresses a URI handling vulnerability in\n Microsoft Windows XP and Server 2003 systems with Internet Explorer 7. \n\nI. Description\n\n Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server\n 2003 changes the way Windows handles Uniform Resource Identifiers\n (URIs). This change has introduced a flaw that can cause Windows to\n incorrectly determine the appropriate handler for the protocol\n specified in a URI. More information about this vulnerability is available in\n US-CERT Vulnerability Note VU#403150. \n\n Public reports indicate that this vulnerability is being actively\n exploited with malicious PDF files. Adobe has released Adobe Reader\n 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability. \n\nII. \n\nIII. Solution\n\nApply an update\n\n Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to\n address this issue. These Adobe products handle URIs in a way that\n mitigates the vulnerability in Microsoft Windows. \n\nDisable the mailto: URI in Adobe Reader and Adobe Acrobat\n\n If you are unable to install an updated version of the software, this\n vulnerability can be mitigated by disabling the mailto: URI handler in\n Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin\n APSB07-18 for details. \n\n\nAppendix A. Vendor Information\n\nAdobe\n\n For information about updating affected Adobe products, see Adobe\n Security Bulletin APSB07-18. \n\nAppendix B. References\n\n * Adobe Security Bulletin APSB07-18 -\n \u003chttp://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e\n \n * Microsoft Security Advisory (943521) -\n \u003chttp://www.microsoft.com/technet/security/advisory/943521.mspx\u003e\n \n * US-CERT Vulnerability Note VU#403150 -\n \u003chttp://www.kb.cert.org/vuls/id/403150\u003e\n\n _________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA07-297B.html\u003e\n _________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA07-297B Feedback VU#403150\" in the\n subject. \n _________________________________________________________________\n \n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n Produced 2007 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\nRevision History\n\n October 24, 2007: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H\n3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ\nlKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s\nVNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57\n4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI\nLazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ==\n=PgB9\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nInternet web sites are normally not allowed to link to local\nresources",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4965"
},
{
"db": "CERT/CC",
"id": "VU#751808"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000686"
},
{
"db": "BID",
"id": "20138"
},
{
"db": "VULHUB",
"id": "VHN-21073"
},
{
"db": "PACKETSTORM",
"id": "60464"
},
{
"db": "PACKETSTORM",
"id": "59433"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "PACKETSTORM",
"id": "50213"
}
],
"trust": 4.59
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-21073",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21073"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#751808",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2006-4965",
"trust": 2.8
},
{
"db": "BID",
"id": "20138",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "22048",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "26201",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "27414",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1018687",
"trust": 1.7
},
{
"db": "SREASON",
"id": "1631",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3155",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26881",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#403150",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#783400",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000686",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-423",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060920 BACKDOORING MP3 FILES (PLUS QUICKTIME ISSUES AND CROSS-CONTEXT SCRIPTING)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070912 0DAY: QUICKTIME PWNS FIREFOX",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061207 NEW MYSPACE WORM COULD BE ON ITS WAY",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-03-05",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-82197",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "28639",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-21073",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60464",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "59433",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58068",
"trust": 0.1
},
{
"db": "USCERT",
"id": "TA07-297B",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60418",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "50213",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#751808"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-21073"
},
{
"db": "BID",
"id": "20138"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000686"
},
{
"db": "PACKETSTORM",
"id": "60464"
},
{
"db": "PACKETSTORM",
"id": "59433"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "PACKETSTORM",
"id": "50213"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-423"
},
{
"db": "NVD",
"id": "CVE-2006-4965"
}
]
},
"id": "VAR-200609-0414",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21073"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:31:05.862000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.2 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/support/downloads/securityupdateforquicktime72forwindows.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apple.com/jp/quicktime/"
},
{
"title": "Security Update for QuickTime 7.2 for Windows",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=306560-en"
},
{
"title": "Security Update for QuickTime 7.2 for Windows",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=306560-ja"
},
{
"title": "mfsa2007-28",
"trust": 0.8,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-28.html"
},
{
"title": "mfsa2007-28",
"trust": 0.8,
"url": "http://www.mozilla-japan.org/security/announce/2007/mfsa2007-28.html"
},
{
"title": "QuickTime 7.2 for Windows",
"trust": 0.8,
"url": "http://www.apple.com/jp/ftp-info/reference/securityupdateforquicktime72forwindows.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000686"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21073"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000686"
},
{
"db": "NVD",
"id": "CVE-2006-4965"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox"
},
{
"trust": 2.8,
"url": "http://docs.info.apple.com/article.html?artnum=305149"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/20138"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/751808"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1018687"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/22048"
},
{
"trust": 2.4,
"url": "http://support.microsoft.com/kb/224816"
},
{
"trust": 2.1,
"url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/"
},
{
"trust": 1.7,
"url": "http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26201/"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27414"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1631"
},
{
"trust": 1.6,
"url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
},
{
"trust": 1.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389580"
},
{
"trust": 1.6,
"url": "http://kb.mozillazine.org/firefox_:_faqs_:_about:config_entries"
},
{
"trust": 1.6,
"url": "http://en.wikipedia.org/wiki/uniform_resource_identifier"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/3155"
},
{
"trust": 1.2,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-28.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/3155"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/26881/"
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=306560"
},
{
"trust": 0.8,
"url": "http://blog.mozilla.com/security/2007/09/18/firefox-2.0.0.7-now-available/"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/quicktime/quicktimeintro/tools/embed2.html"
},
{
"trust": 0.8,
"url": "http://noscript.net/features#contentblocking"
},
{
"trust": 0.8,
"url": "http://noscript.net"
},
{
"trust": 0.8,
"url": "http://msdn2.microsoft.com/en-us/library/ms647732.aspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/msrc/archive/2007/10/25/msrc-blog-october-25th-update-to-security-advisory-943521.aspx"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/support/security/advisories/apsa07-04.html"
},
{
"trust": 0.8,
"url": "http://www.adobe.com/support/security/bulletins/apsb07-18.html"
},
{
"trust": 0.8,
"url": "http://en-us.www.mozilla.com/en-us/firefox/2.0.0.6/releasenotes/"
},
{
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389106"
},
{
"trust": 0.8,
"url": "http://www.w3schools.com/tags/ref_urlencode.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4673"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4965"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu%23751808/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4673"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-4965"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2007/20071005_152642.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/479179/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/453756/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/446750/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.4,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "http://projects.info-pull.com/moab/moab-03-01-2007.html"
},
{
"trust": 0.3,
"url": "http://browser.netscape.com/releasenotes/"
},
{
"trust": 0.3,
"url": "http://blogs.securiteam.com/?p=1019"
},
{
"trust": 0.3,
"url": "/archive/1/479179"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/22048/"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/seamonkey-1.1.5-0.1.src.rpm"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1171/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16124/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2001/"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-irc-1.1.5-0.1.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-venkman-1.1.5-0.1.i586.rpm"
},
{
"trust": 0.1,
"url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2003/"
},
{
"trust": 0.1,
"url": "http://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.html"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-spellchecker-1.1.5-0.1.i586.rpm"
},
{
"trust": 0.1,
"url": "http://support.novell.com/techcenter/psdb/94e7e87449ed25841acaf9b535567347.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27414/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25904/"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/mozillafirefox-2.0.0.8-1.1.src.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-mail-1.1.5-0.1.ppc.rpm"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13375/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20442/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27311/"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/mozillafirefox-translations-2.0.0.8-1.1.i586.rpm"
},
{
"trust": 0.1,
"url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/mozillafirefox-translations-2.0.0.8-1.1.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-mail-1.1.5-0.1.i586.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-1.1.5-0.1.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/mozillafirefox-translations-2.0.0.8-1.1.ppc.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-spellchecker-1.1.5-0.1.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-dom-inspector-1.1.5-0.1.i586.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/mozillafirefox-2.0.0.8-1.1.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26288/"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/mozillafirefox-2.0.0.8-1.1.i586.rpm"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4664/"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-dom-inspector-1.1.5-0.1.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/mozillafirefox-2.0.0.8-1.1.ppc.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-spellchecker-1.1.5-0.1.ppc.rpm"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6221/"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-irc-1.1.5-0.1.i586.rpm"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4118/"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-1.1.5-0.1.ppc.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-dom-inspector-1.1.5-0.1.ppc.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-irc-1.1.5-0.1.ppc.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-venkman-1.1.5-0.1.ppc.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-1.1.5-0.1.i586.rpm"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-mail-1.1.5-0.1.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12192/"
},
{
"trust": 0.1,
"url": "http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-venkman-1.1.5-0.1.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10796/"
},
{
"trust": 0.1,
"url": "http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4227/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12434/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25984/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1173/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/22/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1174/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1176/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1175/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/783400"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12366/"
},
{
"trust": 0.1,
"url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/20/hey-mozilla-quotes-are-not-legal-in-a-url.aspx"
},
{
"trust": 0.1,
"url": "http://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/advisory/943521.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/403150\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta07-297b.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#751808"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-21073"
},
{
"db": "BID",
"id": "20138"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000686"
},
{
"db": "PACKETSTORM",
"id": "60464"
},
{
"db": "PACKETSTORM",
"id": "59433"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "PACKETSTORM",
"id": "50213"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-423"
},
{
"db": "NVD",
"id": "CVE-2006-4965"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#751808"
},
{
"db": "CERT/CC",
"id": "VU#403150"
},
{
"db": "CERT/CC",
"id": "VU#783400"
},
{
"db": "VULHUB",
"id": "VHN-21073"
},
{
"db": "BID",
"id": "20138"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000686"
},
{
"db": "PACKETSTORM",
"id": "60464"
},
{
"db": "PACKETSTORM",
"id": "59433"
},
{
"db": "PACKETSTORM",
"id": "58068"
},
{
"db": "PACKETSTORM",
"id": "60418"
},
{
"db": "PACKETSTORM",
"id": "50213"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-423"
},
{
"db": "NVD",
"id": "CVE-2006-4965"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#751808"
},
{
"date": "2007-07-27T00:00:00",
"db": "CERT/CC",
"id": "VU#403150"
},
{
"date": "2007-07-26T00:00:00",
"db": "CERT/CC",
"id": "VU#783400"
},
{
"date": "2006-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-21073"
},
{
"date": "2006-09-21T00:00:00",
"db": "BID",
"id": "20138"
},
{
"date": "2007-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000686"
},
{
"date": "2007-10-29T15:03:58",
"db": "PACKETSTORM",
"id": "60464"
},
{
"date": "2007-09-20T08:11:10",
"db": "PACKETSTORM",
"id": "59433"
},
{
"date": "2007-07-27T03:17:23",
"db": "PACKETSTORM",
"id": "58068"
},
{
"date": "2007-10-25T04:18:19",
"db": "PACKETSTORM",
"id": "60418"
},
{
"date": "2006-09-21T23:56:25",
"db": "PACKETSTORM",
"id": "50213"
},
{
"date": "2006-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-423"
},
{
"date": "2006-09-25T00:07:00",
"db": "NVD",
"id": "CVE-2006-4965"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-10-04T00:00:00",
"db": "CERT/CC",
"id": "VU#751808"
},
{
"date": "2007-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#403150"
},
{
"date": "2007-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#783400"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-21073"
},
{
"date": "2015-03-19T08:50:00",
"db": "BID",
"id": "20138"
},
{
"date": "2007-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000686"
},
{
"date": "2006-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-423"
},
{
"date": "2024-11-21T00:17:18.823000",
"db": "NVD",
"id": "CVE-2006-4965"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-423"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime remote command execution vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#751808"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-423"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.