Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title firefox security update
Informations
Name RHSA-2006:0610 First vendor Publication 2006-07-28
Vendor RedHat Last vendor Modification 2006-07-28
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

The Mozilla Foundation has discontinued support for the Mozilla Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Firefox 1.5 branch.

This update also resolves a number of outstanding Firefox security issues:

Several flaws were found in the way Firefox processed certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)

Several denial of service flaws were found in the way Firefox processed certain web content. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811)

A cross-site scripting flaw was found in the way Firefox processed Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed "script" tag. (CVE-2006-2783)

Several flaws were found in the way Firefox processed certain javascript actions. A malicious web page could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810)

A form file upload flaw was found in the way Firefox handled javascript input object mutation. A malicious web page could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782)

A denial of service flaw was found in the way Firefox called the crypto.signText() javascript function. A malicious web page could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778)

Two HTTP response smuggling flaws were found in the way Firefox processed certain invalid HTTP response headers. A malicious web site could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786)

A flaw was found in the way Firefox processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-3808)

A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page, it was possible to execute arbitrary code as the user running Firefox. (CVE-2006-2788)

Users of Firefox are advised to upgrade to this update, which contains Firefox version 1.5.0.5 that corrects these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

193895 - CVE-2006-2779 multiple firefox DoS issues (CVE-2006-2780) 196973 - CVE-2006-2783 multiple Firefox issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788) 200168 - CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2006-0610.html

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-94 Failure to Control Generation of Code ('Code Injection')
12 % CWE-264 Permissions, Privileges, and Access Controls
12 % CWE-189 Numeric Errors (CWE/SANS Top 25)
12 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
12 % CWE-20 Improper Input Validation
12 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10113
 
Oval ID: oval:org.mitre.oval:def:10113
Title: Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3810
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10261
 
Oval ID: oval:org.mitre.oval:def:10261
Title: Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.
Description: Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3113
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10374
 
Oval ID: oval:org.mitre.oval:def:10374
Title: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
Description: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3807
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10429
 
Oval ID: oval:org.mitre.oval:def:10429
Title: Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.
Description: Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2782
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10545
 
Oval ID: oval:org.mitre.oval:def:10545
Title: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2785
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10635
 
Oval ID: oval:org.mitre.oval:def:10635
Title: Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.
Description: Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3803
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10690
 
Oval ID: oval:org.mitre.oval:def:10690
Title: The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.
Description: The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3805
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10745
 
Oval ID: oval:org.mitre.oval:def:10745
Title: Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
Description: Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3677
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10772
 
Oval ID: oval:org.mitre.oval:def:10772
Title: Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
Description: Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2783
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10845
 
Oval ID: oval:org.mitre.oval:def:10845
Title: Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.
Description: Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3808
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11013
 
Oval ID: oval:org.mitre.oval:def:11013
Title: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.
Description: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3812
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11065
 
Oval ID: oval:org.mitre.oval:def:11065
Title: Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.
Description: Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2788
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11232
 
Oval ID: oval:org.mitre.oval:def:11232
Title: Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
Description: Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
Family: unix Class: vulnerability
Reference(s): CVE-2006-3806
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11305
 
Oval ID: oval:org.mitre.oval:def:11305
Title: Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.
Description: Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2780
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11501
 
Oval ID: oval:org.mitre.oval:def:11501
Title: Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.
Description: Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3801
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9491
 
Oval ID: oval:org.mitre.oval:def:9491
Title: EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
Description: EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2787
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9611
 
Oval ID: oval:org.mitre.oval:def:9611
Title: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.
Description: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3802
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9703
 
Oval ID: oval:org.mitre.oval:def:9703
Title: The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.
Description: The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2778
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9753
 
Oval ID: oval:org.mitre.oval:def:9753
Title: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.
Description: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3809
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9762
 
Oval ID: oval:org.mitre.oval:def:9762
Title: Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested option tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Description: Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2779
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9768
 
Oval ID: oval:org.mitre.oval:def:9768
Title: The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
Description: The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2784
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9849
 
Oval ID: oval:org.mitre.oval:def:9849
Title: Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
Description: Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2776
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9934
 
Oval ID: oval:org.mitre.oval:def:9934
Title: Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.
Description: Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3811
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9966
 
Oval ID: oval:org.mitre.oval:def:9966
Title: HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
Description: HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2786
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 50
Application 10
Application 40

SAINT Exploits

Description Link
Mozilla Firefox JavaScript Navigator object vulnerability More info here

ExploitDB Exploits

id Description
2006-07-28 Mozilla Firefox <= 1.5.0.4 Javascript Navigator Object Code Execution PoC

OpenVAS Exploits

Date Description
2009-05-05 Name : HP-UX Update for Thunderbird HPSBUX02156
File : nvt/gb_hp_ux_HPSBUX02156.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200703-05 (mozilla)
File : nvt/glsa_200703_05.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200608-04 (Thunderbird)
File : nvt/glsa_200608_04.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200608-03 (Firefox)
File : nvt/glsa_200608_03.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200608-02 (SeaMonkey)
File : nvt/glsa_200608_02.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200606-21 (mozilla-thunderbird)
File : nvt/glsa_200606_21.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200606-12 (mozilla-firefox)
File : nvt/glsa_200606_12.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox24.nasl
2008-01-17 Name : Debian Security Advisory DSA 1192-1 (mozilla)
File : nvt/deb_1192_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1210-1 (mozilla-firefox)
File : nvt/deb_1210_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1118-1 (mozilla)
File : nvt/deb_1118_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1191-1 (mozilla-thunderbird)
File : nvt/deb_1191_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1161-2 (mozilla-firefox)
File : nvt/deb_1161_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1161-1 (mozilla-firefox)
File : nvt/deb_1161_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1160-2 (mozilla)
File : nvt/deb_1160_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1160-1 (mozilla)
File : nvt/deb_1160_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1159-2 (mozilla-thunderbird)
File : nvt/deb_1159_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1159-1 (mozilla-thunderbird)
File : nvt/deb_1159_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1134-1 (mozilla-thunderbird)
File : nvt/deb_1134_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1120-1 (mozilla-firefox)
File : nvt/deb_1120_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
27668 Mozilla Multiple Products nsIX509Cert getRawDER Function Double-free DoS

27577 Mozilla Multiple Products Removed Node Reference Unspecified Code Execution

27576 Mozilla Multiple Products crypto.generateCRMFRequest Deleted Context Code Exe...

27575 Mozilla Multiple Products Anonymous Box Selector Unspecified Code Execution

27574 Mozilla Multiple Products Table Row/Column Group Unspecified Code Execution

27573 Mozilla Multiple Products String Class Out-of-memory Code Execution

27572 Mozilla Multiple Products nsListControlFrame::FireMenuItemActiveEvent Arbitra...

27571 Mozilla Multiple Products String Function Objects Unspecified Overflow

27570 Mozilla Multiple Products toSource Method Overflow

27569 Mozilla Multiple Products Garbage Collection Temporary Object Handling Arbitr...

27568 Mozilla Multiple Products Standard Object() Constructor Manipulation Privileg...

27567 Mozilla Multiple Products PAC Script FindProxyForURL Function Privilege Escal...

27566 Mozilla Multiple Products UniversalXPConnect Privilege Escalation

27565 Mozilla Multiple Products XPCNativeWrapper(window).Function Construct XSS

27564 Mozilla Multiple Products Chrome Scheme Remote Script Execution

27562 Mozilla Multiple Products JavaScript Garbage Collection Race Condition Arbitr...

27561 Mozilla Multiple Products Top-level Object Method Native DOM XSS

27560 Mozilla Multiple Products Simultaneous XPCOM Events Memory Corruption Arbitra...

Mozilla Firefox 1.5.0.1, 1.5.0.2, 1.5.0.3, and 1.5.0.4, Mozilla Thunderbird 1.5.0.1, 1.5.0.2, 1.5.0.3, and 1.5.0.4, and Mozilla SeaMonkey 1.0.2 contain a use-after-free error when handling simultaneously occurring XPCOM events. With a specially crafted web page, a remote attacker can execute arbitrary code.
27559 Mozilla Multiple Products Window Navigator Object Arbitrary Code Execution

A code execution flaw exists in multiple Mozilla browsers. Firefox and SeaMonkey fail to validate values assigned to window.navigator objects. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
27558 Mozilla Multiple Products JavaScript Reference Clear Failure Arbitrary Code E...

26314 Mozilla Multiple Products BOM on UTF-8 Page XSS

26313 Mozilla Multiple Products Text Box Arbitrary File Access (Variant)

26311 Mozilla Multiple Products crypto.signText Function Overflow

26310 Mozilla Multiple Products Content-defined Setter Object Prototype Remote Priv...

26309 Mozilla Multiple Products PLUGINSPAGE Privileged JavaScript Execution

26308 Mozilla Multiple Products EvalInSandbox Bypass Privilege Escalation

26307 Mozilla Multiple Products iframe Self Removal Memory Corruption

26306 Mozilla Multiple Products XBL Implementation Memory Corruption

26305 Mozilla Multiple Products BoxObjects Memory Corruption

26304 Mozilla Multiple Products Content-implemented Tree View Memory Corruption

26303 Mozilla Multiple Products DOMNodeRemoved Mutation Event Memory Corruption

26302 Mozilla Multiple Products Select Tag Nested Option Memory Corruption

26301 Mozilla Multiple Products jsstr tagify Overflow

26300 Mozilla Multiple Products via Proxy Server HTTP Response Smuggling

26299 Mozilla Multiple Products View Image/Frame Source Attribute XSS

Snort® IPS/IDS

Date Description
2014-01-10 Mozilla javascript navigator object access
RuleID : 8058 - Revision : 11 - Type : BROWSER-FIREFOX
2019-10-08 Mozilla Firefox GeckoActiveXObject exploit attempt
RuleID : 51394 - Revision : 2 - Type : BROWSER-OTHER
2019-10-08 Mozilla Firefox GeckoActiveXObject exploit attempt
RuleID : 51393 - Revision : 2 - Type : BROWSER-OTHER
2014-01-10 Mozilla Firefox new function garbage collection remote code execution attempt
RuleID : 18302 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox GeckoActiveXObject memory corruption attempt
RuleID : 18301 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Javascript deleted frame or window reference attempt
RuleID : 18264 - Revision : 9 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Javascript deleted frame or window reference attempt
RuleID : 18263 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Javascript engine function arguments memory corruption attempt
RuleID : 18262 - Revision : 7 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Javascript engine String.toSource memory corruption attempt
RuleID : 18261 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla browsers memory corruption simultaneous XPCOM events code execution a...
RuleID : 18178 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla browsers memory corruption simultaneous XPCOM events code execution a...
RuleID : 18177 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla browsers memory corruption simultaneous XPCOM events code execution a...
RuleID : 18176 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox DOMNodeRemoved attack attempt
RuleID : 17389 - Revision : 13 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2006-0735.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2006-0733.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_4.0.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari4_0.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-1960.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-361-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-296-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-296-2.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-297-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-297-3.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-323-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-327-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-350-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-329-1.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-1585.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-1952.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-1924.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-1672.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-1981.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote host is missing Sun Security Patch number 120671-08
File : solaris8_120671.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote host is missing Sun Security Patch number 120671-08
File : solaris9_120671.nasl - Type : ACT_GATHER_INFO
2006-12-16 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-143.nasl - Type : ACT_GATHER_INFO
2006-12-16 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-146.nasl - Type : ACT_GATHER_INFO
2006-12-06 Name : The remote host is missing Sun Security Patch number 120672-08
File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-12-06 Name : The remote host is missing Sun Security Patch number 120672-08
File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-11-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1210.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119115-36
File : solaris10_119115.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119116-35
File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1118.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1120.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1134.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1159.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1160.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1161.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1191.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1192.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0594.nasl - Type : ACT_GATHER_INFO
2006-08-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0609.nasl - Type : ACT_GATHER_INFO
2006-08-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0608.nasl - Type : ACT_GATHER_INFO
2006-08-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0609.nasl - Type : ACT_GATHER_INFO
2006-08-04 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0610.nasl - Type : ACT_GATHER_INFO
2006-08-04 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0611.nasl - Type : ACT_GATHER_INFO
2006-08-04 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200608-02.nasl - Type : ACT_GATHER_INFO
2006-08-04 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200608-03.nasl - Type : ACT_GATHER_INFO
2006-08-04 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200608-04.nasl - Type : ACT_GATHER_INFO
2006-07-29 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0611.nasl - Type : ACT_GATHER_INFO
2006-07-29 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0610.nasl - Type : ACT_GATHER_INFO
2006-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0608.nasl - Type : ACT_GATHER_INFO
2006-07-28 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_e2a926641d6011db88cf000c6ec775d9.nasl - Type : ACT_GATHER_INFO
2006-07-27 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_1505.nasl - Type : ACT_GATHER_INFO
2006-07-27 Name : A web browser on the remote host is prone to multiple flaws.
File : seamonkey_103.nasl - Type : ACT_GATHER_INFO
2006-07-27 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_1505.nasl - Type : ACT_GATHER_INFO
2006-07-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0578.nasl - Type : ACT_GATHER_INFO
2006-06-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200606-21.nasl - Type : ACT_GATHER_INFO
2006-06-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200606-12.nasl - Type : ACT_GATHER_INFO
2006-06-03 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_1504.nasl - Type : ACT_GATHER_INFO
2006-06-03 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_1504.nasl - Type : ACT_GATHER_INFO
2006-06-03 Name : A web browser on the remote host is prone to multiple flaws.
File : seamonkey_102.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:50:09
  • Multiple Updates