10 - CVE-2006-1790

Executive Summary

Informations
Name	CVE-2006-1790	First vendor Publication	2006-04-14
Vendor	Cve	Last vendor Modification	2018-10-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11202

Oval ID:	oval:org.mitre.oval:def:11202
Title:	A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
Description:	A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-1790	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.13-1.1.3.1 AND mozilla is earlier than 37:1.7.13-1.1.3.1 AND mozilla-chat is earlier than 37:1.7.13-1.1.3.1 AND mozilla-mail is earlier than 37:1.7.13-1.1.3.1 AND mozilla-dom-inspector is earlier than 37:1.7.13-1.1.3.1 AND mozilla-devel is earlier than 37:1.7.13-1.1.3.1 AND mozilla-nss is earlier than 37:1.7.13-1.1.3.1 AND mozilla-nss-devel is earlier than 37:1.7.13-1.1.3.1 AND mozilla-nspr is earlier than 37:1.7.13-1.1.3.1 AND mozilla-nspr-devel is earlier than 37:1.7.13-1.1.3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section mozilla-js-debugger is earlier than 37:1.7.13-1.4.1 AND devhelp-devel is earlier than 0:0.9.2-2.4.8 AND mozilla is earlier than 37:1.7.13-1.4.1 AND thunderbird is earlier than 0:1.0.8-1.4.1 AND mozilla-chat is earlier than 37:1.7.13-1.4.1 AND mozilla-mail is earlier than 37:1.7.13-1.4.1 AND mozilla-dom-inspector is earlier than 37:1.7.13-1.4.1 AND devhelp is earlier than 0:0.9.2-2.4.8 AND mozilla-nss is earlier than 37:1.7.13-1.4.1 AND mozilla-devel is earlier than 37:1.7.13-1.4.1 AND mozilla-nss-devel is earlier than 37:1.7.13-1.4.1 AND firefox is earlier than 0:1.0.8-1.4.1 AND mozilla-nspr is earlier than 37:1.7.13-1.4.1 AND mozilla-nspr-devel is earlier than 37:1.7.13-1.4.1

Definition Id: oval:org.mitre.oval:def:1266

Oval ID:	oval:org.mitre.oval:def:1266
Title:	Mozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix)
Description:	A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-1790	Version:	2
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	mozilla
Definition Synopsis:
Mozilla Firefox version 1.0.7 is installed Mozilla Firefox version 1.0.7 is installed AND Firefox version 1.0.7 is installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:1.0.7:::::::*	1

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for Mozilla suite File : nvt/sles9p5019559.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox) File : nvt/glsa_200604_12.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200604-18 (mozilla) File : nvt/glsa_200604_18.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird) File : nvt/glsa_200605_09.nasl
2008-09-04	Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox22.nasl
2008-01-17	Name : Debian Security Advisory DSA 1044-1 (mozilla-firefox) File : nvt/deb_1044_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1046-1 (mozilla) File : nvt/deb_1046_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1051-1 (mozilla-thunderbird) File : nvt/deb_1051_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
24663	Mozilla Multiple Products InstallTrigger.install() Method Memory Corruption

Snort® IPS/IDS

Date	Description
2014-01-10	Mozilla Firefox InstallTrigger.install memory corruption attempt RuleID : 18187 - Revision : 6 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date	Description
2007-12-21	Name : A web browser on the remote host is prone to multiple flaws. File : mozilla_firefox_108.nasl - Type : ACT_GATHER_INFO
2007-02-18	Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris8_120671.nasl - Type : ACT_GATHER_INFO
2007-02-18	Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris9_120671.nasl - Type : ACT_GATHER_INFO
2007-01-17	Name : The remote Fedora Core host is missing a security update. File : fedora_2006-490.nasl - Type : ACT_GATHER_INFO
2007-01-17	Name : The remote Fedora Core host is missing a security update. File : fedora_2006-487.nasl - Type : ACT_GATHER_INFO
2007-01-17	Name : The remote Fedora Core host is missing a security update. File : fedora_2006-488.nasl - Type : ACT_GATHER_INFO
2007-01-17	Name : The remote Fedora Core host is missing a security update. File : fedora_2006-489.nasl - Type : ACT_GATHER_INFO
2006-12-06	Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-12-06	Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1051.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1046.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1044.nasl - Type : ACT_GATHER_INFO
2006-07-05	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO
2006-07-05	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO
2006-05-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_84630f4acd8c11dab7b9000c6ec775d9.nasl - Type : ACT_GATHER_INFO
2006-05-13	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200605-09.nasl - Type : ACT_GATHER_INFO
2006-05-03	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-276-1.nasl - Type : ACT_GATHER_INFO
2006-05-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-18.nasl - Type : ACT_GATHER_INFO
2006-04-28	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-275-1.nasl - Type : ACT_GATHER_INFO
2006-04-26	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO
2006-04-26	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-078.nasl - Type : ACT_GATHER_INFO
2006-04-26	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-075.nasl - Type : ACT_GATHER_INFO
2006-04-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-12.nasl - Type : ACT_GATHER_INFO
2006-04-26	Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_021.nasl - Type : ACT_GATHER_INFO
2006-04-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO
2006-04-21	Name : The remote Fedora Core host is missing a security update. File : fedora_2006-411.nasl - Type : ACT_GATHER_INFO
2006-04-21	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-271-1.nasl - Type : ACT_GATHER_INFO
2006-04-21	Name : The remote Fedora Core host is missing a security update. File : fedora_2006-410.nasl - Type : ACT_GATHER_INFO
2006-04-17	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO
2006-04-14	Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_101.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/17516
CONFIRM	http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
DEBIAN	http://www.debian.org/security/2006/dsa-1044 http://www.debian.org/security/2006/dsa-1046 http://www.debian.org/security/2006/dsa-1051
FEDORA	http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html http://www.securityfocus.com/archive/1/436296/100/0/threaded http://www.securityfocus.com/archive/1/436338/100/0/threaded
GENTOO	http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
HP	http://www.securityfocus.com/archive/1/438730/100/0/threaded
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDKSA-2006:075 http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2006-0328.html http://www.redhat.com/support/errata/RHSA-2006-0329.html http://www.redhat.com/support/errata/RHSA-2006-0330.html
SCO	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
SECUNIA	http://secunia.com/advisories/19631 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http://secunia.com/advisories/19780 http://secunia.com/advisories/19794 http://secunia.com/advisories/19811 http://secunia.com/advisories/19852 http://secunia.com/advisories/19862 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http://secunia.com/advisories/19941 http://secunia.com/advisories/19950 http://secunia.com/advisories/20051 http://secunia.com/advisories/21033 http://secunia.com/advisories/21622
SGI	ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
SUSE	http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
UBUNTU	https://usn.ubuntu.com/271-1/ https://usn.ubuntu.com/275-1/ https://usn.ubuntu.com/276-1/
VUPEN	http://www.vupen.com/english/advisories/2006/1356
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/25809

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:03:55	Multiple Updates
2021-04-22 01:04:28	Multiple Updates
2020-05-23 00:17:39	Multiple Updates
2018-10-18 21:20:04	Multiple Updates
2018-10-04 00:19:27	Multiple Updates
2017-10-11 09:23:40	Multiple Updates
2017-07-20 09:23:30	Multiple Updates
2016-04-26 14:30:30	Multiple Updates
2014-02-17 10:35:28	Multiple Updates
2014-01-19 21:23:14	Multiple Updates
2013-05-11 10:54:15	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	1
Sources(s)	49
osvdb(s)	1
Openvas Exploit(s)	8
Snort® Rule(s)	1
Nessus® Exploit(s)	33

	Related
10	USN-276-1
10	USN-275-1
10	USN-271-1
10	SUN-102550
10	RHSA-2006:0330
10	RHSA-2006:0329
10	RHSA-2006:0328
10	DSA-1051
10	DSA-1046
10	DSA-1044
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 10 more Alert(s)

10 - CVE-2006-1790

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU