All the vulnerabilites related to mozilla - camino
cve-2008-4821
Vulnerability from cvelistv5
Published
2008-11-10 11:00
Modified
2024-08-07 10:31
Severity ?
EPSS score ?
Summary
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:27.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
},
{
"name": "32129",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32129"
},
{
"name": "33390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33390"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name": "ADV-2008-3444",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name": "32702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32702"
},
{
"name": "TA08-350A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
},
{
"name": "33179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33179"
},
{
"name": "34226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34226"
},
{
"name": "adobe-flash-jar-information-disclosure(46534)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46534"
},
{
"name": "GLSA-200903-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3338"
},
{
"name": "RHSA-2008:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name": "APPLE-SA-2008-12-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name": "248586",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name": "1021149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
},
{
"name": "32129",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32129"
},
{
"name": "33390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33390"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name": "ADV-2008-3444",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name": "32702",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32702"
},
{
"name": "TA08-350A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
},
{
"name": "33179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33179"
},
{
"name": "34226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34226"
},
{
"name": "adobe-flash-jar-information-disclosure(46534)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46534"
},
{
"name": "GLSA-200903-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3338"
},
{
"name": "RHSA-2008:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name": "APPLE-SA-2008-12-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name": "248586",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name": "1021149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid=",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
},
{
"name": "32129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32129"
},
{
"name": "33390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33390"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name": "ADV-2008-3444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name": "32702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32702"
},
{
"name": "TA08-350A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
},
{
"name": "33179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33179"
},
{
"name": "34226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34226"
},
{
"name": "adobe-flash-jar-information-disclosure(46534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46534"
},
{
"name": "GLSA-200903-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"name": "http://support.apple.com/kb/HT3338",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3338"
},
{
"name": "RHSA-2008:0980",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name": "APPLE-SA-2008-12-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name": "248586",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name": "1021149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4821",
"datePublished": "2008-11-10T11:00:00",
"dateReserved": "2008-10-31T00:00:00",
"dateUpdated": "2024-08-07T10:31:27.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0238
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.shmoo.com/idn/homograph.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 | vdb-entry, x_refsource_XF | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html | mailing-list, x_refsource_FULLDISC | |
| http://www.shmoo.com/idn | x_refsource_MISC | |
| https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/12461 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shmoo.com/idn/homograph.txt",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"name": "http://www.shmoo.com/idn",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn"
},
{
"name": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"name": "12461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0238",
"datePublished": "2005-02-07T05:00:00",
"dateReserved": "2005-02-07T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2114
Vulnerability from cvelistv5
Published
2005-07-01 04:00
Modified
2024-08-07 22:15
Severity ?
EPSS score ?
Summary
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1014292 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securiteam.com/securitynews/5OP0U00G1G.html | x_refsource_MISC | |
| http://www.redhat.com/support/errata/RHSA-2005-587.html | vendor-advisory, x_refsource_REDHAT | |
| http://securitytracker.com/id?1014293 | vdb-entry, x_refsource_SECTRACK | |
| http://securitytracker.com/id?1014294 | vdb-entry, x_refsource_SECTRACK | |
| http://securitytracker.com/id?1014372 | vdb-entry, x_refsource_SECTRACK | |
| http://www.kurczaba.com/html/security/0506241.htm | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=112008299210033&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1014349 | vdb-entry, x_refsource_SECTRACK | |
| http://www.redhat.com/support/errata/RHSA-2005-586.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21188 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014292",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/securitynews/5OP0U00G1G.html"
},
{
"name": "RHSA-2005:587",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-587.html"
},
{
"name": "1014293",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014293"
},
{
"name": "1014294",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014294"
},
{
"name": "1014372",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014372"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kurczaba.com/html/security/0506241.htm"
},
{
"name": "20050629 Mozilla Multiple Product JavaScript Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112008299210033\u0026w=2"
},
{
"name": "1014349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014349"
},
{
"name": "RHSA-2005:586",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-586.html"
},
{
"name": "mozilla-mult-browsers-javascript-dos(21188)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188"
},
{
"name": "oval:org.mitre.oval:def:9628",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014292",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/securitynews/5OP0U00G1G.html"
},
{
"name": "RHSA-2005:587",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-587.html"
},
{
"name": "1014293",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014293"
},
{
"name": "1014294",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014294"
},
{
"name": "1014372",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014372"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kurczaba.com/html/security/0506241.htm"
},
{
"name": "20050629 Mozilla Multiple Product JavaScript Issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112008299210033\u0026w=2"
},
{
"name": "1014349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014349"
},
{
"name": "RHSA-2005:586",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-586.html"
},
{
"name": "mozilla-mult-browsers-javascript-dos(21188)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188"
},
{
"name": "oval:org.mitre.oval:def:9628",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014292",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014292"
},
{
"name": "http://www.securiteam.com/securitynews/5OP0U00G1G.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/5OP0U00G1G.html"
},
{
"name": "RHSA-2005:587",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-587.html"
},
{
"name": "1014293",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014293"
},
{
"name": "1014294",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014294"
},
{
"name": "1014372",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014372"
},
{
"name": "http://www.kurczaba.com/html/security/0506241.htm",
"refsource": "MISC",
"url": "http://www.kurczaba.com/html/security/0506241.htm"
},
{
"name": "20050629 Mozilla Multiple Product JavaScript Issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112008299210033\u0026w=2"
},
{
"name": "1014349",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014349"
},
{
"name": "RHSA-2005:586",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-586.html"
},
{
"name": "mozilla-mult-browsers-javascript-dos(21188)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188"
},
{
"name": "oval:org.mitre.oval:def:9628",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2114",
"datePublished": "2005-07-01T04:00:00",
"dateReserved": "2005-07-01T00:00:00",
"dateUpdated": "2024-08-07T22:15:37.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1901
Vulnerability from cvelistv5
Published
2006-04-20 10:00
Modified
2024-08-07 17:27
Severity ?
EPSS score ?
Summary
Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/431004/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/772 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060413 Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431004/100/0/threaded"
},
{
"name": "772",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060413 Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431004/100/0/threaded"
},
{
"name": "772",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/772"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060413 Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431004/100/0/threaded"
},
{
"name": "772",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/772"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1901",
"datePublished": "2006-04-20T10:00:00",
"dateReserved": "2006-04-20T00:00:00",
"dateUpdated": "2024-08-07T17:27:29.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0233
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shmoo.com/idn"
},
{
"name": "SUSE-SA:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"name": "oval:org.mitre.oval:def:11229",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"name": "oval:org.mitre.oval:def:100029",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"name": "RHSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "RHSA-2005:384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shmoo.com/idn"
},
{
"name": "SUSE-SA:2005:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"name": "oval:org.mitre.oval:def:11229",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"name": "oval:org.mitre.oval:def:100029",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"name": "RHSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "RHSA-2005:384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"name": "12461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-0233",
"datePublished": "2005-02-07T05:00:00",
"dateReserved": "2005-02-07T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-200505-1101
Vulnerability from variot
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. Multiple browsers are reported prone to vulnerabilities that surround the handling of International Domain Names. The vulnerabilities are caused by inconsistencies in how International Domain Names are processed. Reports indicate that attackers can leverage this to spoof address bars, status bars, and SSL certificate values. Remote attackers may exploit these vulnerabilities in phishing-style attacks. Through a false sense of trust, users may voluntarily disclose sensitive information to a malicious website. Although these vulnerabilities are reported to affect browsers, mail clients that depend on the browser to generate HTML code may also be affected. KDE is a free and open source X desktop management program for Linux and Unix workstations. Since version 3.2, KDE and its web browser Konqueror have supported International Domain Names (IDNs), which makes KDE vulnerable to a phishing technique called Homograph
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "group omniweb",
"scope": "eq",
"trust": 0.3,
"vendor": "omni",
"version": "4.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "internet explorer sp2 do not use",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0-"
},
{
"model": "browser a",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "browser alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "browser alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.81"
},
{
"model": "of kansas lynx dev.4",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.5"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.7"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.4.1"
},
{
"model": "software opera web browser win32 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.01"
},
{
"model": "browser rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "internet explorer sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.1"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.6.6"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7.5"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.2"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "browser alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.84"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.3"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.1"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1.1"
},
{
"model": "netscape",
"scope": "eq",
"trust": 0.3,
"vendor": "netscape",
"version": "7.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "linux i686",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.8"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.22"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1"
},
{
"model": "internet explorer sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "netscape",
"scope": "eq",
"trust": 0.3,
"vendor": "netscape",
"version": "7.2"
},
{
"model": "netscape",
"scope": "ne",
"trust": 0.3,
"vendor": "netscape",
"version": "8.0"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.5"
},
{
"model": "browser m16",
"scope": null,
"trust": 0.3,
"vendor": "mozilla",
"version": null
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10.1"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.1"
},
{
"model": "browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1.2"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "software opera web browser mac",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.0"
},
{
"model": "of kansas lynx",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.1"
},
{
"model": "group omniweb",
"scope": "eq",
"trust": 0.3,
"vendor": "omni",
"version": "5.0.1"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "spoofstick",
"scope": "eq",
"trust": 0.3,
"vendor": "corestreet",
"version": "1.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.48"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0"
},
{
"model": "of kansas lynx dev.8",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.5"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "software opera web browser b",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.11"
},
{
"model": "fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "of kansas lynx dev.3",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.5"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.3"
},
{
"model": "software opera web browser 1win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.2.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.1"
},
{
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"model": "of kansas lynx pre.5",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.3"
},
{
"model": "of kansas lynx dev.2",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.5"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.6.3"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.0"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.7.3"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.2.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.2"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.23"
},
{
"model": "software opera web browser j",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.2"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.3.1"
},
{
"model": "of kansas lynx rel.1",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.3"
},
{
"model": "internet explorer",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.8"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.1"
},
{
"model": "group omniweb",
"scope": "eq",
"trust": 0.3,
"vendor": "omni",
"version": "4.0.6"
},
{
"model": "linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "9"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.11"
},
{
"model": "browser m15",
"scope": null,
"trust": 0.3,
"vendor": "mozilla",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"model": "browser rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.54"
},
{
"model": "of kansas lynx dev2x",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.3"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.51"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "internet explorer",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.3"
},
{
"model": "netscape",
"scope": "eq",
"trust": 0.3,
"vendor": "netscape",
"version": "7.0"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "software opera web browser 3win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.2.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.2"
},
{
"model": "firefox rc",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.10"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.8.1"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.8.3"
},
{
"model": "software opera web browser 2win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.9"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "of kansas lynx",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.3"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.10"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.06"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "linux alt linux compact",
"scope": "eq",
"trust": 0.3,
"vendor": "alt",
"version": "2.3"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.4"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.12"
},
{
"model": "of kansas lynx rel.1",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.2"
},
{
"model": "internet explorer sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.0"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2"
},
{
"model": "linux alt linux junior",
"scope": "eq",
"trust": 0.3,
"vendor": "alt",
"version": "2.3"
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.3"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.1"
},
{
"model": "linux mandrake amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.0"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.7.2"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.20"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "browser alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.2"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.02"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "software opera web browser beta build",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.2012981"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.1"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.12"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.6.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.2.1"
},
{
"model": "i-nav",
"scope": null,
"trust": 0.3,
"vendor": "verisign",
"version": null
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.7.1.2"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.7"
},
{
"model": "of kansas lynx dev.5",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.5"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.4.2"
},
{
"model": "browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.52"
},
{
"model": "enterprise linux as ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.6.4"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.11"
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "browser alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.82"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "of kansas lynx",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.1"
},
{
"model": "of kansas lynx",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.2"
},
{
"model": "internet explorer",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.5"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.3.1"
},
{
"model": "internet explorer sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.3"
},
{
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.0"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"model": "browser alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.83"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "software opera web browser win32 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.02"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "of kansas lynx rel.1",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.4"
},
{
"model": "of kansas lynx",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.7"
},
{
"model": "internet explorer sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.2.4"
},
{
"model": "browser rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7.4"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "firebird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.5"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.7.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10"
},
{
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.3"
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.10"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.6.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.5"
},
{
"model": "browser rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7"
},
{
"model": "firebird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2"
},
{
"model": "browser b",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.4"
},
{
"model": "software opera web browser win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.2"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.2.1"
},
{
"model": "internet explorer sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "firebird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.2.3"
},
{
"model": "firefox preview release",
"scope": null,
"trust": 0.3,
"vendor": "mozilla",
"version": null
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.1"
},
{
"model": "propack",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.1"
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "5.0"
},
{
"model": "group omniweb beta11",
"scope": "eq",
"trust": 0.3,
"vendor": "omni",
"version": "4.1"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.3"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.2-6"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.4"
},
{
"model": "browser rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7"
},
{
"model": "advanced workstation for the itanium processor ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "internet explorer",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "of kansas lynx",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.4"
},
{
"model": "konqueror b",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "software opera web browser linux",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0.2"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.8.2"
},
{
"model": "software opera web browser .6win32",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "6.0"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "10.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "of kansas lynx dev.22",
"scope": "ne",
"trust": 0.3,
"vendor": "university",
"version": "2.8.3"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.53"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.5"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.21"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.35"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.7.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3"
},
{
"model": "browser alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.3"
},
{
"model": "web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "dillo",
"version": "0.6.5"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "7.50"
},
{
"model": "internet explorer sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.1"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "12461"
},
{
"db": "NVD",
"id": "CVE-2005-0234"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Waldo Bastian bastian@kde.org",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
],
"trust": 0.6
},
"cve": "CVE-2005-0234",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-11443",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-0234",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-063",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-11443",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11443"
},
{
"db": "NVD",
"id": "CVE-2005-0234"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. Multiple browsers are reported prone to vulnerabilities that surround the handling of International Domain Names. \nThe vulnerabilities are caused by inconsistencies in how International Domain Names are processed. Reports indicate that attackers can leverage this to spoof address bars, status bars, and SSL certificate values. \nRemote attackers may exploit these vulnerabilities in phishing-style attacks. Through a false sense of trust, users may voluntarily disclose sensitive information to a malicious website. \nAlthough these vulnerabilities are reported to affect browsers, mail clients that depend on the browser to generate HTML code may also be affected. KDE is a free and open source X desktop management program for Linux and Unix workstations. Since version 3.2, KDE and its web browser Konqueror have supported International Domain Names (IDNs), which makes KDE vulnerable to a phishing technique called Homograph",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0234"
},
{
"db": "BID",
"id": "12461"
},
{
"db": "VULHUB",
"id": "VHN-11443"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "12461",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2005-0234",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200505-063",
"trust": 0.7
},
{
"db": "XF",
"id": "19236",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2005-03-21",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20050208 INTERNATIONAL DOMAIN NAME [IDN] SUPPORT IN MODERN BROWSERS ALLOWS ATTACKERS TO SPOOF DOMAIN NAME URLS + SSL CERTS.",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20050206 STATE OF HOMOGRAPH ATTACKS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-11443",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11443"
},
{
"db": "BID",
"id": "12461"
},
{
"db": "NVD",
"id": "CVE-2005-0234"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
]
},
"id": "VAR-200505-1101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-11443"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:28:56.691000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0234"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/12461"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-february/031459.html"
},
{
"trust": 1.7,
"url": "http://www.shmoo.com/idn"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/19236"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"trust": 0.3,
"url": "http://lists.altlinux.ru/pipermail/security-announce/2005-march/000287.html"
},
{
"trust": 0.3,
"url": "http://www.kde.org/info/security/advisory-20050316-2.txt"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=301061"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/products/firefox/releases/"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2005-325.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2005-384.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.3,
"url": "http://browser.netscape.com/ns8/security/alerts.jsp"
},
{
"trust": 0.3,
"url": "http://www.corestreet.com/spoofstick/"
},
{
"trust": 0.3,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2005\u0026m=slackware-security.000123"
},
{
"trust": 0.3,
"url": "/archive/1/389803"
},
{
"trust": 0.3,
"url": "/archive/1/389822"
},
{
"trust": 0.3,
"url": "/archive/1/389695"
},
{
"trust": 0.3,
"url": "/archive/1/389858"
},
{
"trust": 0.3,
"url": "/archive/1/389961"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=110782704923280\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11443"
},
{
"db": "BID",
"id": "12461"
},
{
"db": "NVD",
"id": "CVE-2005-0234"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-11443"
},
{
"db": "BID",
"id": "12461"
},
{
"db": "NVD",
"id": "CVE-2005-0234"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-11443"
},
{
"date": "2005-02-07T00:00:00",
"db": "BID",
"id": "12461"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-0234"
},
{
"date": "2005-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-11443"
},
{
"date": "2007-03-02T19:55:00",
"db": "BID",
"id": "12461"
},
{
"date": "2017-07-11T01:32:09.467000",
"db": "NVD",
"id": "CVE-2005-0234"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Konqueror Vulnerable to international domain name spoofing vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "12461"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-063"
}
],
"trust": 0.9
}
}
var-200607-0664
Vulnerability from variot
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. Mozilla products fail to properly release memory. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The flaw exists when assigning specific values to the window.navigator object. A lack of checking on assignment causes user supplied data to be later used in the creation of other objects leading to eventual code execution. The Mozilla Foundation has released thirteen security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird. Other attacks may also be possible. The issues described here will be split into individual BIDs as more information becomes available. These issues are fixed in: - Mozilla Firefox 1.5.0.5 - Mozilla Thunderbird 1.5.0.5 - Mozilla SeaMonkey 1.0.3. Mozilla Firefox is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input before using it to create new JavaScript objects. This issue was previously discussed in BID 19181 (Mozilla Multiple Products Remote Vulnerabilities). =========================================================== Ubuntu Security Notice USN-327-1 July 27, 2006 firefox vulnerabilities CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.5-0ubuntu6.06
After a standard system upgrade you need to restart Firefox to effect the necessary changes.
Please note that Firefox 1.0.8 in Ubuntu 5.10 and Ubuntu 5.04 are also affected by these problems. Updates for these Ubuntu releases will be delayed due to upstream dropping support for this Firefox version. We strongly advise that you disable JavaScript to disable the attack vectors for most vulnerabilities if you use one of these Ubuntu versions. (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812)
cross-site scripting vulnerabilities were found in the XPCNativeWrapper() function and native DOM method handlers. A malicious web site could exploit these to modify the contents or steal confidential data (such as passwords) from other opened web pages. (CVE-2006-3802, CVE-2006-3810)
A bug was found in the script handler for automatic proxy configuration. (CVE-2006-3808)
Please see
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
for technical details of these vulnerabilities.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06.diff.gz
Size/MD5: 174602 7be6f5862219ac4cf44f05733f372f2b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06.dsc
Size/MD5: 1109 252d6acf45b009008a6bc88166e2632f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5.orig.tar.gz
Size/MD5: 44067762 749933c002e158576ec15782fc451e43
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb
Size/MD5: 49190 850dd650e7f876dd539e605d9b3026c8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb
Size/MD5: 50078 c1fa4a40187d9c5b58bd049edb00ce54
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
Size/MD5: 47269292 167aadc3f03b4e1b7cb9ed826e672983
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
Size/MD5: 2796768 b54592d0bd736f6ee12a90987771bc59
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
Size/MD5: 216136 79fa6c69ffb0dd6037e56d1ba538ff64
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
Size/MD5: 82358 e2e026d582a7b5352cee4453cef0fe45
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
Size/MD5: 9400544 a9d0b804a4374dc636bb79968a2bce5c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
Size/MD5: 218822 a09476caea7d8d73d6a2f534bd494493
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
Size/MD5: 161876 0e0e65348dba8167b4891b173baa8f0d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
Size/MD5: 235746 064fc1434a315f857ee92f60fd49d772
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb
Size/MD5: 757458 bd6a5e28e05a04a5deca731ab29f70e4
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
Size/MD5: 43837610 a7e4a535262f8a5d5cb0ace7ed785237
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
Size/MD5: 2796700 4509dbf62e3fd2cda7168c20aa65ba4f
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
Size/MD5: 209546 50e174c1c7290fca51f9e1ee71ebb56c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
Size/MD5: 74732 25ba86caeeb1a88da4493875178a3636
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
Size/MD5: 7916536 40ebfe4330af25c2359f8b25b039ed5e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
Size/MD5: 218822 6066f59acbce1b4de2dc284b5801efc5
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
Size/MD5: 146570 c1a5c5cc4371b228093d03d9ed7ad607
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
Size/MD5: 235754 0e9a1a89f63a9869b875ee6a50547c2b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb
Size/MD5: 669556 d537a4771b80e5c06f18b2c5d7e5d384
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
Size/MD5: 48648192 479d29e08ff2b9cef89a6da3285c0aad
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
Size/MD5: 2796790 60b97738bfc3b8b32914487bb4aba239
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
Size/MD5: 212982 a396e119a32303afc024d513b997c84e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
Size/MD5: 77894 ef7841bb2ab8de0e0c44e59c893b1622
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
Size/MD5: 9019132 ed3927484eea5fccf84a2840640febf3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
Size/MD5: 218826 a2338c3c8064a304deb752bf32a291f8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
Size/MD5: 159112 7d5d6100727ceb894695b219cec11e43
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
Size/MD5: 235754 69085beb145222fea07d2d6c19158a2d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb
Size/MD5: 768332 8dc6cc8c54185d57af14bab3bee39f9d
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
Size/MD5: 45235424 f5a07188af5802fffbd3cfdd64b109cf
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
Size/MD5: 2796756 cb13c7ea0e3b7af2f1e12db1f8dc38a2
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
Size/MD5: 210488 17f7723b697110c8f132422bc059d447
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
Size/MD5: 76340 c38ccb8b71b9c3783a1c9816ecd9cf5d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
Size/MD5: 8411310 4b3865b2df3924d094e0b18f207bf33d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
Size/MD5: 218814 a0e67d0d425cea2cd5835e2c2faa930f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
Size/MD5: 149018 73108368f0ef745188ebd1c48ea10c88
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
Size/MD5: 235746 695a6122710fb30201daaa239ba6d48d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb
Size/MD5: 681612 896721beb3cdcea12bab98223c0796c2
.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-208A
Mozilla Products Contain Multiple Vulnerabilities
Original release date: July 27, 2006 Last revised: -- Source: US-CERT
Systems Affected
* Mozilla SeaMonkey
* Mozilla Firefox
* Mozilla Thunderbird
Any products based on Mozilla components, specifically Gecko, may also be affected.
I. (CVE-2006-3805)
VU#655892 - Mozilla JavaScript engine contains multiple integer overflows
The Mozilla JavaScript engine contains multiple integer overflows. (CVE-2006-3811)
II.
III.
Disable JavaScript and Java
These vulnerabilities can be mitigated by disabling JavaScript and Java in all affected products. Instructions for disabling Java in Firefox can be found in the "Securing Your Web Browser" document.
Appendix A. Please send email to cert@cert.org with "TA06-208A Feedback VU#239124" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
Jul 27, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRMkgNexOF3G+ig+rAQIFsAgAoWoMkxxhkzb+xgLVCJF7h4k4EBCgJGWa BSOiFfL4Gs4vv4lNooDRCIOdxiBfXYL71XsIOT4aWry5852/6kyYnyAiXXYj1Uv0 SbPY2sQSZ5EaG+G9i8HDIy3fpJN4XgH3ng1uzUnJihY19IfndbXicpZE+debIUri qt9NRD2f5FW5feKo1cBpYxtmxQAEePOa2dJHh7I7cnFGtG3MixHx4kVEyuYUutCX 5tHDsfTIdySNkIdCQ4vhk846bErB/kaHiKMQDfMglllb3GOSc07OQ0CDo2eTPVsA 9DtKkiDP1C4dh1mxco8CWlS6327+EB0KXGGoqDF2+j/rrpsW0oc8nA== =HwuK -----END PGP SIGNATURE----- .
Background
The Mozilla SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as "Mozilla Application Suite". The goal is to produce a cross-platform stand-alone browser application.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/mozilla-firefox < 1.5.0.5 >= 1.5.0.5 2 www-client/mozilla-firefox-bin < 1.5.0.5 >= 1.5.0.5 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures.
-
Developers in the Mozilla community looked for and fixed several crash bugs to improve the stability of Mozilla clients.
-
"shutdown" reports that cross-site scripting (XSS) attacks could be performed using the construct XPCNativeWrapper(window).Function(...), which created a function that appeared to belong to the window in question even after it had been navigated to the target site.
-
"shutdown" reports that scripts granting the UniversalBrowserRead privilege can leverage that into the equivalent of the far more powerful UniversalXPConnect since they are allowed to "read" into a privileged context.
-
"moz_bug_r_a4" reports that A malicious Proxy AutoConfig (PAC) server could serve a PAC script that can execute code with elevated privileges by setting the required FindProxyForURL function to the eval method on a privileged object that leaked into the PAC sandbox.
-
"moz_bug_r_a4" discovered that Named JavaScript functions have a parent object created using the standard Object() constructor (ECMA-specified behavior) and that this constructor can be redefined by script (also ECMA-specified behavior).
-
Igor Bukanov and shutdown found additional places where an untimely garbage collection could delete a temporary object that was in active use.
-
Georgi Guninski found potential integer overflow issues with long strings in the toSource() methods of the Object, Array and String objects as well as string function arguments.
-
H. D. Moore reported a testcase that was able to trigger a race condition where JavaScript garbage collection deleted a temporary variable still being used in the creation of a new Function object.
-
A malicious page can hijack native DOM methods on a document object in another domain, which will run the attacker's script when called by the victim page. This leads to use of a deleted timer object.
-
An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up.
-
Thilo Girmann discovered that in certain circumstances a JavaScript reference to a frame or window was not properly cleared when the referenced content went away.
Impact
A user can be enticed to open specially crafted URLs, visit webpages containing malicious JavaScript or execute a specially crafted script.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/mozilla-firefox-1.5.0.5"
Users of the binary package should upgrade as well:
# emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/mozilla-firefox-bin-1.5.0.5"
References
[ 1 ] CVE-2006-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113 [ 2 ] CVE-2006-3677 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677 [ 3 ] CVE-2006-3801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801 [ 4 ] CVE-2006-3802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802 [ 5 ] CVE-2006-3803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803 [ 6 ] CVE-2006-3805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805 [ 7 ] CVE-2006-3806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806 [ 8 ] CVE-2006-3807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807 [ 9 ] CVE-2006-3808 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808 [ 10 ] CVE-2006-3809 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809 [ 11 ] CVE-2006-3810 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810 [ 12 ] CVE-2006-3811 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811 [ 13 ] CVE-2006-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200608-03.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Hardcore Disassembler / Reverse Engineer Wanted!
Want to work with IDA and BinDiff? Want to write PoC's and Exploits?
Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.
For more information, see vulnerabilities #1, #3, #4, #5, #6, #7, #9,
10, and #11:
SA19783
Successful exploitation of these vulnerabilities requires that JavaScript is enabled in mails (not default setting).
A boundary error has also been reported in the handling of VCard attachments. This can be exploited to cause a heap-based buffer overflow via a malicious VCard with a specially crafted base64 field that causes a crash and may allow execution of arbitrary code.
SOLUTION: Update to version 1.5.0.5.
PROVIDED AND/OR DISCOVERED BY: Daniel Veditz, Mozilla.
ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
OTHER REFERENCES: SA19783: http://secunia.com/advisories/19873/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided which corrects a number of vulnerabilities that were previously unpatched, as well as providing new and enhanced features.
The following CVE names have been corrected with this update: CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812 http://www.mozilla.org/security/announce/2006/mfsa2006-31.html http://www.mozilla.org/security/announce/2006/mfsa2006-32.html http://www.mozilla.org/security/announce/2006/mfsa2006-33.html http://www.mozilla.org/security/announce/2006/mfsa2006-34.html http://www.mozilla.org/security/announce/2006/mfsa2006-35.html http://www.mozilla.org/security/announce/2006/mfsa2006-36.html http://www.mozilla.org/security/announce/2006/mfsa2006-37.html http://www.mozilla.org/security/announce/2006/mfsa2006-38.html http://www.mozilla.org/security/announce/2006/mfsa2006-39.html http://www.mozilla.org/security/announce/2006/mfsa2006-41.html http://www.mozilla.org/security/announce/2006/mfsa2006-42.html http://www.mozilla.org/security/announce/2006/mfsa2006-43.html http://www.mozilla.org/security/announce/2006/mfsa2006-44.html http://www.mozilla.org/security/announce/2006/mfsa2006-45.html http://www.mozilla.org/security/announce/2006/mfsa2006-46.html http://www.mozilla.org/security/announce/2006/mfsa2006-47.html http://www.mozilla.org/security/announce/2006/mfsa2006-48.html http://www.mozilla.org/security/announce/2006/mfsa2006-50.html http://www.mozilla.org/security/announce/2006/mfsa2006-51.html http://www.mozilla.org/security/announce/2006/mfsa2006-52.html http://www.mozilla.org/security/announce/2006/mfsa2006-53.html http://www.mozilla.org/security/announce/2006/mfsa2006-54.html http://www.mozilla.org/security/announce/2006/mfsa2006-55.html http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
Updated Packages:
Mandriva Linux 2006.0: 76ef1a2e7338c08e485ab2c19a1ce691 2006.0/RPMS/devhelp-0.10-7.1.20060mdk.i586.rpm d44f02b82df9f404f899ad8bc4bdd6a2 2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.i586.rpm 29efc065aeb4a53a105b2c27be816758 2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.i586.rpm caad34c0d4c16a50ec4b05820e6d01db 2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.i586.rpm d0e75938f4e129936351f015bd90a37a 2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm 652044ff7d9c3170df845011ec696393 2006.0/RPMS/libdevhelp-1_0-0.10-7.1.20060mdk.i586.rpm bf6dcf87f409d06b42234dbca387b922 2006.0/RPMS/libdevhelp-1_0-devel-0.10-7.1.20060mdk.i586.rpm e9aaff3090a4459b57367f4903b0458a 2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm fa99cbc159722cc0ff9e5710f24ca599 2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm d4d45b797ca2f2347c0409d9f956ff25 2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm 8d33e72703090a911f7fd171ad9dd719 2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm 23afd287c042c5492c210255554a6893 2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm 4a188f54230b943ea9c8930eb2e0cfe1 2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.i586.rpm 5bec4690547fd733ca97cb2933ebe427 2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.i586.rpm 55836595e5cba3828a9a5a27e5aa1825 2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.i586.rpm 0faf5ee7022ee0b70915d2c845865cae 2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.i586.rpm 312a89317692b3bd86060a1995365d86 2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.i586.rpm 38215dccbee8a169bcbac2af2897c2f7 2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.i586.rpm aaba2fa72f8de960a3a757b3010027d3 2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.i586.rpm d8d59a55974f6fa20d99fb30f126638f 2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.i586.rpm 946e6a76c71dbbee3340f1a96ae25a1d 2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.i586.rpm 9a14c31a41c2bac3942caa3d1fb5daee 2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.i586.rpm b5074c27d1cb719bf9f8fabe8aebf628 2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.i586.rpm 7a225cdfdf0c17c0f4a72ad27907fc07 2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.i586.rpm 06526a054d108d3c9b5f66313151ecc2 2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.i586.rpm 8f721bd3914c31e04359def6272db929 2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.i586.rpm a704ed726e6db4ba59592563cd2c48b0 2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.i586.rpm 0ef6729b05e013a364e847e4a1b7b3e3 2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.i586.rpm 570b19872de676414b399ff970024b78 2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.i586.rpm dee38f0bbe3870d3bd8ad02ea968c57a 2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.i586.rpm 92916e155ec38b5078234728593d72a2 2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.i586.rpm c808f2f32fc9e514ffb097eeeb226a96 2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.i586.rpm 6dda5771d062eae75f8f04b7dab8d6cc 2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.i586.rpm c4ac8441170504cc5ec05cf5c8e6e9f9 2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.i586.rpm 2765008afd4c0ba1d702eda9627a7690 2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.i586.rpm 15b600977b07651f1c3568f4d7f1f9ac 2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.i586.rpm 6f1fae6befe608fc841fcc71e15852c0 2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.i586.rpm 81f412da40ea14bcc23d420d7a5724f9 2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.i586.rpm 76e0ece3c0b6f507340871a168a57e36 2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.i586.rpm 6ded58e85ed113718cfb3484ae420bb9 2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.i586.rpm c76f6648e88de4a63991eac66c3fba04 2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.i586.rpm 1c7ab93275bcdcf30ed9ec2ddb4893df 2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.i586.rpm 60279919aa5f17c2ecd9f64db87cb952 2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm c446c046409b6697a863868fe5c64222 2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm e726300336f737c8952f664bf1866d6f 2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm e9e30596eceb0bc9a03f7880cd7d14ea 2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm 4168c73cba97276fa4868b4ac2c7eb19 2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm 6a7df29f5af703d10d7ea1fee160ac00 2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm e56e14c28051ec4332cbde8dbee7bb6a 2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm 1a144c86fd8db39e2801117296e15d2b 2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm f4889d2ee6e07c0141b57ab9aaccae64 2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm dee0f7bc91c797e880fff19e1cb05a63 2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm 45724f6ceed66701392bd131feaf1f6d 2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm cc680cac7fea3f7f8a48a5daf86db088 2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm 69b04335c21313262af4253863109cc8 2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm 2aab89244a535afcbc25271df5d6b33f 2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm f1c7f71d5484c5047b1b38fc16888ae3 2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm 3963e3c3a2c38c41d9d3bc5250b124a6 2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm bb54aed17a126a9e8568d49866db99ea 2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm 2a1b11f2c8944bc1fc0d313d54a903cf 2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm 783c5b3c0fb9916e07f220110155476d 2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm 895e315731fa0b453045cc39da4f5358 2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm daa0a127d2a1a3641d4e97bfb95f1647 2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm 0c778b0738b11dfd5d68be48fa6316ed 2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm 7025d0118cf29e39117bd87c586e84a3 2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm 5d8b8e869f588c0f5751e9ce7addba45 2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm c5148674a8c7dd1f88c5729293f899ba 2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm 91d490c075473e2443e383201b961cb8 2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm 622ae4619d151bb1634113e50b30fbac 2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm e6d64c14929d299e2fb52e334ae6641a 2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm 20f64c6dfd6aa1450cba5002d42f53d8 2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm b93a6b548bb1cf0f8cc46dec133e81a3 2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm f5603b65b3d10fa5083934e08d2d4560 2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm c0e978ea92b4a8f3aa75dad5ab7588b9 2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm 93cb0acaeddb095d13b37aeb0ab4dd49 2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64: d52f4955f15f99137dd9a0b2f360c8b2 x86_64/2006.0/RPMS/devhelp-0.10-7.1.20060mdk.x86_64.rpm 369457b4a09c07ba18ee5bb18fb2ffa1 x86_64/2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.x86_64.rpm 76735684f3ff493770e374a90fd359c7 x86_64/2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.x86_64.rpm 5da75ab6624f8c8f0c212ce2299d645f x86_64/2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.x86_64.rpm 945059b9456c9ff2ccd40ff4a6d8ae70 x86_64/2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm 193f97760bb46e16051ba7b6b968f340 x86_64/2006.0/RPMS/lib64devhelp-1_0-0.10-7.1.20060mdk.x86_64.rpm 1b67733b0450cd6572c9879c0eb38640 x86_64/2006.0/RPMS/lib64devhelp-1_0-devel-0.10-7.1.20060mdk.x86_64.rpm 115fcbc6c99bf063cd1768d2b08e9d89 x86_64/2006.0/RPMS/lib64nspr4-1.5.0.6-1.4.20060mdk.x86_64.rpm 686404fa32e2625f23b19e11c548bbe5 x86_64/2006.0/RPMS/lib64nspr4-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm f0886b330d3f5af566af6cf5572ca671 x86_64/2006.0/RPMS/lib64nspr4-static-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm 10e9abdcb3f952c4db35c85fe58ad8ad x86_64/2006.0/RPMS/lib64nss3-1.5.0.6-1.4.20060mdk.x86_64.rpm 202bab2742f162d1cbd6d36720e6f7fb x86_64/2006.0/RPMS/lib64nss3-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm e9aaff3090a4459b57367f4903b0458a x86_64/2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm fa99cbc159722cc0ff9e5710f24ca599 x86_64/2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm d4d45b797ca2f2347c0409d9f956ff25 x86_64/2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm 8d33e72703090a911f7fd171ad9dd719 x86_64/2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm 23afd287c042c5492c210255554a6893 x86_64/2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm 74811077c91dde3bc8c8bae45e5862a7 x86_64/2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.x86_64.rpm 75711988a67bf3f36fc08823561bb2b7 x86_64/2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.x86_64.rpm 5bd9ad43769390549ab3c4549c971db7 x86_64/2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.x86_64.rpm dfdd808e2ec0866c15db5f1ea6a5b5bd x86_64/2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.x86_64.rpm 1fad19f458ce0aa50e86710ed3b7fe04 x86_64/2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.x86_64.rpm 743e8d4f009ab2d2fc2e8c131244fb57 x86_64/2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.x86_64.rpm 476ee9a87f650a0ef3523a9619f9f611 x86_64/2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm be48721cbc6e5634b50ce5b6cfe4a951 x86_64/2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.x86_64.rpm e56ce18466e20db3189e035329c606ce x86_64/2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.x86_64.rpm 489e5940c9ac9573842888ff07436e4c x86_64/2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.x86_64.rpm 73d2eb2fc6ec99a1d3eeb94d9ddff36e x86_64/2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.x86_64.rpm acbd3cd5f82b47a6c6cb03ebd6ca25ae x86_64/2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.x86_64.rpm 362807f9da1130dd8da606b9ded06311 x86_64/2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.x86_64.rpm e48c991fa555d22d1f382baa83dfcae9 x86_64/2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.x86_64.rpm 0d954f47de6d2cc58e36cd2c9ddae09c x86_64/2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.x86_64.rpm 8f615598d04985a0d60a3469ea3044ed x86_64/2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.x86_64.rpm f4810510feb31e6195358c5ddd87252f x86_64/2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.x86_64.rpm 537d53b7805ac84009f2ff99e3282b91 x86_64/2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.x86_64.rpm afbc9ee04902213758bbf262b732de21 x86_64/2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.x86_64.rpm dcef8c7676529394e5fbd4168f8e2cd6 x86_64/2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.x86_64.rpm f4ee0e7ecba430fd3ce5e8ebeda9b5c1 x86_64/2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.x86_64.rpm 778261355184ca73cbf1aab1ce56644d x86_64/2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.x86_64.rpm 10ca4e7f4cf10c380849ced0bf83e08b x86_64/2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.x86_64.rpm 427cabc08ec66e1a45bc27e5625f49bb x86_64/2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.x86_64.rpm de4e61d4fce7cd286bb4a3778cb8499f x86_64/2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.x86_64.rpm 86e9af4c42b59e32d4e5ac0a8d1afe30 x86_64/2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.x86_64.rpm 126b1e0826330986fbf485eabade949d x86_64/2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.x86_64.rpm d2e6da2db277b7f5dabed3e95d4b818b x86_64/2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.x86_64.rpm a83edee07d2465cf55024ed1b7aa779f x86_64/2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.x86_64.rpm 9e33e2a0c3d4a92a0b420c417fcd3469 x86_64/2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.x86_64.rpm 60279919aa5f17c2ecd9f64db87cb952 x86_64/2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm c446c046409b6697a863868fe5c64222 x86_64/2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm e726300336f737c8952f664bf1866d6f x86_64/2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm e9e30596eceb0bc9a03f7880cd7d14ea x86_64/2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm 4168c73cba97276fa4868b4ac2c7eb19 x86_64/2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm 6a7df29f5af703d10d7ea1fee160ac00 x86_64/2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm e56e14c28051ec4332cbde8dbee7bb6a x86_64/2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm 1a144c86fd8db39e2801117296e15d2b x86_64/2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm f4889d2ee6e07c0141b57ab9aaccae64 x86_64/2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm dee0f7bc91c797e880fff19e1cb05a63 x86_64/2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm 45724f6ceed66701392bd131feaf1f6d x86_64/2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm cc680cac7fea3f7f8a48a5daf86db088 x86_64/2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm 69b04335c21313262af4253863109cc8 x86_64/2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm 2aab89244a535afcbc25271df5d6b33f x86_64/2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm f1c7f71d5484c5047b1b38fc16888ae3 x86_64/2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm 3963e3c3a2c38c41d9d3bc5250b124a6 x86_64/2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm bb54aed17a126a9e8568d49866db99ea x86_64/2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm 2a1b11f2c8944bc1fc0d313d54a903cf x86_64/2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm 783c5b3c0fb9916e07f220110155476d x86_64/2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm 895e315731fa0b453045cc39da4f5358 x86_64/2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm daa0a127d2a1a3641d4e97bfb95f1647 x86_64/2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm 0c778b0738b11dfd5d68be48fa6316ed x86_64/2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm 7025d0118cf29e39117bd87c586e84a3 x86_64/2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm 5d8b8e869f588c0f5751e9ce7addba45 x86_64/2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm c5148674a8c7dd1f88c5729293f899ba x86_64/2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm 91d490c075473e2443e383201b961cb8 x86_64/2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm 622ae4619d151bb1634113e50b30fbac x86_64/2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm e6d64c14929d299e2fb52e334ae6641a x86_64/2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm 20f64c6dfd6aa1450cba5002d42f53d8 x86_64/2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm b93a6b548bb1cf0f8cc46dec133e81a3 x86_64/2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm f5603b65b3d10fa5083934e08d2d4560 x86_64/2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm c0e978ea92b4a8f3aa75dad5ab7588b9 x86_64/2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm 93cb0acaeddb095d13b37aeb0ab4dd49 x86_64/2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFE41l0mqjQ0CJFipgRAu1DAJ90MqoteYoIfAj0Gqim5fxrvOw7BACg0xq5 L8QZWCg0xY3ZRacFzNTgusw= =gl6u -----END PGP SIGNATURE-----
. ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-025.html July 26, 2006
-- CVE ID: CVE-2006-3677
-- Affected Vendor: Mozilla
-- Affected Products: Firefox 1.5.0 - 1.5.0.4 SeaMonkey 1.0 - 1.0.2
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since July 26, 2006 by Digital Vaccine protection filter ID 4326. More information is detailed in MFSA2006-45:
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
-- Disclosure Timeline: 2006.06.16 - Vulnerability reported to vendor 2006.07.25 - Vulnerability information provided to ZDI security partners 2006.07.26 - Digital Vaccine released to TippingPoint customers 2006.07.26 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by an anonymous researcher.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200607-0664",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "seamonkey",
"scope": "eq",
"trust": 2.2,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 2.2,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 2.2,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 2.2,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 2.2,
"vendor": "mozilla",
"version": "1.5.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 2.2,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 2.2,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 2.2,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "firefox",
"scope": "lte",
"trust": 0.8,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "seamonkey",
"scope": "lte",
"trust": 0.8,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"model": "1.5.x",
"scope": null,
"trust": 0.7,
"vendor": "mozilla firefox",
"version": null
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.6,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.6,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "rpath",
"version": "1"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.6,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.6,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.6,
"vendor": "mandriva",
"version": "2006.0"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.6,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "3"
},
{
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.6,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.6,
"vendor": "mozilla",
"version": "1.52"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.6,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "seamonkey",
"scope": "ne",
"trust": 0.6,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.6,
"vendor": "slackware",
"version": null
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.6,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "advanced workstation for the itanium processor ia64",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "slackware",
"version": "10.2"
},
{
"model": "linux",
"scope": null,
"trust": 0.6,
"vendor": "gentoo",
"version": null
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.6,
"vendor": "mozilla",
"version": "1.51"
},
{
"model": "enterprise linux as ia64",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.6,
"vendor": "mandriva",
"version": "2006.0"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "3"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.6,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "3"
},
{
"model": "seamonkey dev",
"scope": "eq",
"trust": 0.6,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "thunderbird",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "thunderbird beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.52"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.04"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.1"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "10.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.2"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "firefox preview release",
"scope": null,
"trust": 0.3,
"vendor": "mozilla",
"version": null
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"model": "solaris 10.0 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.4"
},
{
"model": "firefox rc",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "propack sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.04"
},
{
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.3"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "k-meleon",
"scope": "eq",
"trust": 0.3,
"vendor": "k meleon",
"version": "1.0"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.0"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8.4"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "netscape",
"version": "8.1"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8.3"
},
{
"model": "flock",
"scope": "eq",
"trust": 0.3,
"vendor": "flock",
"version": "0.7.32"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#670060"
},
{
"db": "ZDI",
"id": "ZDI-06-025"
},
{
"db": "BID",
"id": "19181"
},
{
"db": "BID",
"id": "19192"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000445"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-482"
},
{
"db": "NVD",
"id": "CVE-2006-3677"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3677"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-025"
}
],
"trust": 0.7
},
"cve": "CVE-2006-3677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-3677",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-19785",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-3677",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#670060",
"trust": 0.8,
"value": "58.14"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-482",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-19785",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#670060"
},
{
"db": "VULHUB",
"id": "VHN-19785"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000445"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-482"
},
{
"db": "NVD",
"id": "CVE-2006-3677"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. Mozilla products fail to properly release memory. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The flaw exists when assigning specific values to the window.navigator object. A lack of checking on assignment causes user supplied data to be later used in the creation of other objects leading to eventual code execution. The Mozilla Foundation has released thirteen security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird. \nOther attacks may also be possible. \nThe issues described here will be split into individual BIDs as more information becomes available. \nThese issues are fixed in:\n- Mozilla Firefox 1.5.0.5\n- Mozilla Thunderbird 1.5.0.5\n- Mozilla SeaMonkey 1.0.3. Mozilla Firefox is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input before using it to create new JavaScript objects. \nThis issue was previously discussed in BID 19181 (Mozilla Multiple Products Remote Vulnerabilities). =========================================================== \nUbuntu Security Notice USN-327-1 July 27, 2006\nfirefox vulnerabilities\nCVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802,\nCVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,\nCVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811,\nCVE-2006-3812\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n firefox 1.5.dfsg+1.5.0.5-0ubuntu6.06\n\nAfter a standard system upgrade you need to restart Firefox to effect\nthe necessary changes. \n\nPlease note that Firefox 1.0.8 in Ubuntu 5.10 and Ubuntu 5.04 are also\naffected by these problems. Updates for these Ubuntu releases will be\ndelayed due to upstream dropping support for this Firefox version. We\nstrongly advise that you disable JavaScript to disable the attack\nvectors for most vulnerabilities if you use one of these Ubuntu\nversions. (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801,\nCVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,\nCVE-2006-3809, CVE-2006-3811, CVE-2006-3812)\n\ncross-site scripting vulnerabilities were found in the\nXPCNativeWrapper() function and native DOM method handlers. A\nmalicious web site could exploit these to modify the contents or steal\nconfidential data (such as passwords) from other opened web pages. \n(CVE-2006-3802, CVE-2006-3810)\n\nA bug was found in the script handler for automatic proxy\nconfiguration. (CVE-2006-3808)\n\nPlease see \n\n http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox\n\nfor technical details of these vulnerabilities. \n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06.diff.gz\n Size/MD5: 174602 7be6f5862219ac4cf44f05733f372f2b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06.dsc\n Size/MD5: 1109 252d6acf45b009008a6bc88166e2632f\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5.orig.tar.gz\n Size/MD5: 44067762 749933c002e158576ec15782fc451e43\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb\n Size/MD5: 49190 850dd650e7f876dd539e605d9b3026c8\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb\n Size/MD5: 50078 c1fa4a40187d9c5b58bd049edb00ce54\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb\n Size/MD5: 47269292 167aadc3f03b4e1b7cb9ed826e672983\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb\n Size/MD5: 2796768 b54592d0bd736f6ee12a90987771bc59\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb\n Size/MD5: 216136 79fa6c69ffb0dd6037e56d1ba538ff64\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb\n Size/MD5: 82358 e2e026d582a7b5352cee4453cef0fe45\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb\n Size/MD5: 9400544 a9d0b804a4374dc636bb79968a2bce5c\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb\n Size/MD5: 218822 a09476caea7d8d73d6a2f534bd494493\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb\n Size/MD5: 161876 0e0e65348dba8167b4891b173baa8f0d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb\n Size/MD5: 235746 064fc1434a315f857ee92f60fd49d772\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb\n Size/MD5: 757458 bd6a5e28e05a04a5deca731ab29f70e4\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb\n Size/MD5: 43837610 a7e4a535262f8a5d5cb0ace7ed785237\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb\n Size/MD5: 2796700 4509dbf62e3fd2cda7168c20aa65ba4f\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb\n Size/MD5: 209546 50e174c1c7290fca51f9e1ee71ebb56c\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb\n Size/MD5: 74732 25ba86caeeb1a88da4493875178a3636\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb\n Size/MD5: 7916536 40ebfe4330af25c2359f8b25b039ed5e\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb\n Size/MD5: 218822 6066f59acbce1b4de2dc284b5801efc5\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb\n Size/MD5: 146570 c1a5c5cc4371b228093d03d9ed7ad607\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb\n Size/MD5: 235754 0e9a1a89f63a9869b875ee6a50547c2b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb\n Size/MD5: 669556 d537a4771b80e5c06f18b2c5d7e5d384\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb\n Size/MD5: 48648192 479d29e08ff2b9cef89a6da3285c0aad\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb\n Size/MD5: 2796790 60b97738bfc3b8b32914487bb4aba239\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb\n Size/MD5: 212982 a396e119a32303afc024d513b997c84e\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb\n Size/MD5: 77894 ef7841bb2ab8de0e0c44e59c893b1622\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb\n Size/MD5: 9019132 ed3927484eea5fccf84a2840640febf3\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb\n Size/MD5: 218826 a2338c3c8064a304deb752bf32a291f8\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb\n Size/MD5: 159112 7d5d6100727ceb894695b219cec11e43\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb\n Size/MD5: 235754 69085beb145222fea07d2d6c19158a2d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb\n Size/MD5: 768332 8dc6cc8c54185d57af14bab3bee39f9d\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb\n Size/MD5: 45235424 f5a07188af5802fffbd3cfdd64b109cf\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb\n Size/MD5: 2796756 cb13c7ea0e3b7af2f1e12db1f8dc38a2\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb\n Size/MD5: 210488 17f7723b697110c8f132422bc059d447\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb\n Size/MD5: 76340 c38ccb8b71b9c3783a1c9816ecd9cf5d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb\n Size/MD5: 8411310 4b3865b2df3924d094e0b18f207bf33d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb\n Size/MD5: 218814 a0e67d0d425cea2cd5835e2c2faa930f\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb\n Size/MD5: 149018 73108368f0ef745188ebd1c48ea10c88\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb\n Size/MD5: 235746 695a6122710fb30201daaa239ba6d48d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb\n Size/MD5: 681612 896721beb3cdcea12bab98223c0796c2\n. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-208A\n\n\nMozilla Products Contain Multiple Vulnerabilities\n\n Original release date: July 27, 2006\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Mozilla SeaMonkey\n * Mozilla Firefox\n * Mozilla Thunderbird\n\n Any products based on Mozilla components, specifically Gecko, may also\n be affected. \n\n\nI. \n (CVE-2006-3805)\n\n\n VU#655892 - Mozilla JavaScript engine contains multiple integer\n overflows \n\n The Mozilla JavaScript engine contains multiple integer overflows. \n (CVE-2006-3811)\n\n\nII. \n\n\nIII. \n\nDisable JavaScript and Java\n\n These vulnerabilities can be mitigated by disabling JavaScript and\n Java in all affected products. Instructions for disabling Java in\n Firefox can be found in the \"Securing Your Web Browser\" document. \n\n\nAppendix A. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-208A Feedback VU#239124\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n Jul 27, 2006: Initial release\n\n\n \n \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRMkgNexOF3G+ig+rAQIFsAgAoWoMkxxhkzb+xgLVCJF7h4k4EBCgJGWa\nBSOiFfL4Gs4vv4lNooDRCIOdxiBfXYL71XsIOT4aWry5852/6kyYnyAiXXYj1Uv0\nSbPY2sQSZ5EaG+G9i8HDIy3fpJN4XgH3ng1uzUnJihY19IfndbXicpZE+debIUri\nqt9NRD2f5FW5feKo1cBpYxtmxQAEePOa2dJHh7I7cnFGtG3MixHx4kVEyuYUutCX\n5tHDsfTIdySNkIdCQ4vhk846bErB/kaHiKMQDfMglllb3GOSc07OQ0CDo2eTPVsA\n9DtKkiDP1C4dh1mxco8CWlS6327+EB0KXGGoqDF2+j/rrpsW0oc8nA==\n=HwuK\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nThe Mozilla SeaMonkey project is a community effort to deliver\nproduction-quality releases of code derived from the application\nformerly known as \"Mozilla Application Suite\". The\ngoal is to produce a cross-platform stand-alone browser application. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/mozilla-firefox \u003c 1.5.0.5 \u003e= 1.5.0.5\n 2 www-client/mozilla-firefox-bin \u003c 1.5.0.5 \u003e= 1.5.0.5\n -------------------------------------------------------------------\n 2 affected packages on all of their supported architectures. \n\n* Developers in the Mozilla community looked for and fixed several\n crash bugs to improve the stability of Mozilla clients. \n\n* \"shutdown\" reports that cross-site scripting (XSS) attacks could be\n performed using the construct XPCNativeWrapper(window).Function(...),\n which created a function that appeared to belong to the window in\n question even after it had been navigated to the target site. \n\n* \"shutdown\" reports that scripts granting the UniversalBrowserRead\n privilege can leverage that into the equivalent of the far more\n powerful UniversalXPConnect since they are allowed to \"read\" into a\n privileged context. \n\n* \"moz_bug_r_a4\" reports that A malicious Proxy AutoConfig (PAC)\n server could serve a PAC script that can execute code with elevated\n privileges by setting the required FindProxyForURL function to the\n eval method on a privileged object that leaked into the PAC sandbox. \n\n* \"moz_bug_r_a4\" discovered that Named JavaScript functions have a\n parent object created using the standard Object() constructor\n (ECMA-specified behavior) and that this constructor can be redefined\n by script (also ECMA-specified behavior). \n\n* Igor Bukanov and shutdown found additional places where an untimely\n garbage collection could delete a temporary object that was in active\n use. \n\n* Georgi Guninski found potential integer overflow issues with long\n strings in the toSource() methods of the Object, Array and String\n objects as well as string function arguments. \n\n* H. D. Moore reported a testcase that was able to trigger a race\n condition where JavaScript garbage collection deleted a temporary\n variable still being used in the creation of a new Function object. \n\n* A malicious page can hijack native DOM methods on a document object\n in another domain, which will run the attacker\u0027s script when called\n by the victim page. This leads to use of a deleted timer object. \n\n* An anonymous researcher for TippingPoint and the Zero Day\n Initiative showed that when used in a web page Java would reference\n properties of the window.navigator object as it started up. \n\n* Thilo Girmann discovered that in certain circumstances a JavaScript\n reference to a frame or window was not properly cleared when the\n referenced content went away. \n\nImpact\n======\n\nA user can be enticed to open specially crafted URLs, visit webpages\ncontaining malicious JavaScript or execute a specially crafted script. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-client/mozilla-firefox-1.5.0.5\"\n\nUsers of the binary package should upgrade as well:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=www-client/mozilla-firefox-bin-1.5.0.5\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-3113\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113\n [ 2 ] CVE-2006-3677\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677\n [ 3 ] CVE-2006-3801\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801\n [ 4 ] CVE-2006-3802\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802\n [ 5 ] CVE-2006-3803\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803\n [ 6 ] CVE-2006-3805\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805\n [ 7 ] CVE-2006-3806\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806\n [ 8 ] CVE-2006-3807\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807\n [ 9 ] CVE-2006-3808\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808\n [ 10 ] CVE-2006-3809\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809\n [ 11 ] CVE-2006-3810\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810\n [ 12 ] CVE-2006-3811\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811\n [ 13 ] CVE-2006-3812\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200608-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nFor more information, see vulnerabilities #1, #3, #4, #5, #6, #7, #9,\n#10, and #11:\nSA19783\n\nSuccessful exploitation of these vulnerabilities requires that\nJavaScript is enabled in mails (not default setting). \n\nA boundary error has also been reported in the handling of VCard\nattachments. This can be exploited to cause a heap-based buffer\noverflow via a malicious VCard with a specially crafted base64 field\nthat causes a crash and may allow execution of arbitrary code. \n\nSOLUTION:\nUpdate to version 1.5.0.5. \n\nPROVIDED AND/OR DISCOVERED BY:\nDaniel Veditz, Mozilla. \n\nORIGINAL ADVISORY:\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-49.html\n\nOTHER REFERENCES:\nSA19783:\nhttp://secunia.com/advisories/19873/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n \n Previous updates to Firefox were patch fixes to Firefox 1.0.6 that\n brought it in sync with 1.0.8 in terms of security fixes. In this\n update, Mozilla Firefox 1.5.0.6 is being provided which corrects a\n number of vulnerabilities that were previously unpatched, as well as\n providing new and enhanced features. \n \n The following CVE names have been corrected with this update:\n CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776,\n CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780,\n CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, \n CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677,\n CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807,\n CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805,\n CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811,\n CVE-2006-3812. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2613\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2788\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3803\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3804\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3806\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3807\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3801\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3802\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3808\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3809\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3810\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3811\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3812\n http://www.mozilla.org/security/announce/2006/mfsa2006-31.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-32.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-33.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-34.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-35.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-36.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-37.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-38.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-39.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-41.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-42.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-43.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-44.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-45.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-46.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-47.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-48.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-50.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-51.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-52.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-53.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-54.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-55.html\n http://www.mozilla.org/security/announce/2006/mfsa2006-56.html\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 76ef1a2e7338c08e485ab2c19a1ce691 2006.0/RPMS/devhelp-0.10-7.1.20060mdk.i586.rpm\n d44f02b82df9f404f899ad8bc4bdd6a2 2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.i586.rpm\n 29efc065aeb4a53a105b2c27be816758 2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.i586.rpm\n caad34c0d4c16a50ec4b05820e6d01db 2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.i586.rpm\n d0e75938f4e129936351f015bd90a37a 2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm\n 652044ff7d9c3170df845011ec696393 2006.0/RPMS/libdevhelp-1_0-0.10-7.1.20060mdk.i586.rpm\n bf6dcf87f409d06b42234dbca387b922 2006.0/RPMS/libdevhelp-1_0-devel-0.10-7.1.20060mdk.i586.rpm\n e9aaff3090a4459b57367f4903b0458a 2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm\n fa99cbc159722cc0ff9e5710f24ca599 2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm\n d4d45b797ca2f2347c0409d9f956ff25 2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm\n 8d33e72703090a911f7fd171ad9dd719 2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm\n 23afd287c042c5492c210255554a6893 2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm\n 4a188f54230b943ea9c8930eb2e0cfe1 2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.i586.rpm\n 5bec4690547fd733ca97cb2933ebe427 2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.i586.rpm\n 55836595e5cba3828a9a5a27e5aa1825 2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.i586.rpm\n 0faf5ee7022ee0b70915d2c845865cae 2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.i586.rpm\n 312a89317692b3bd86060a1995365d86 2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.i586.rpm\n 38215dccbee8a169bcbac2af2897c2f7 2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.i586.rpm\n aaba2fa72f8de960a3a757b3010027d3 2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.i586.rpm\n d8d59a55974f6fa20d99fb30f126638f 2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.i586.rpm\n 946e6a76c71dbbee3340f1a96ae25a1d 2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.i586.rpm\n 9a14c31a41c2bac3942caa3d1fb5daee 2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.i586.rpm\n b5074c27d1cb719bf9f8fabe8aebf628 2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.i586.rpm\n 7a225cdfdf0c17c0f4a72ad27907fc07 2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.i586.rpm\n 06526a054d108d3c9b5f66313151ecc2 2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.i586.rpm\n 8f721bd3914c31e04359def6272db929 2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.i586.rpm\n a704ed726e6db4ba59592563cd2c48b0 2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.i586.rpm\n 0ef6729b05e013a364e847e4a1b7b3e3 2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.i586.rpm\n 570b19872de676414b399ff970024b78 2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.i586.rpm\n dee38f0bbe3870d3bd8ad02ea968c57a 2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.i586.rpm\n 92916e155ec38b5078234728593d72a2 2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.i586.rpm\n c808f2f32fc9e514ffb097eeeb226a96 2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.i586.rpm\n 6dda5771d062eae75f8f04b7dab8d6cc 2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.i586.rpm\n c4ac8441170504cc5ec05cf5c8e6e9f9 2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.i586.rpm\n 2765008afd4c0ba1d702eda9627a7690 2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.i586.rpm\n 15b600977b07651f1c3568f4d7f1f9ac 2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.i586.rpm\n 6f1fae6befe608fc841fcc71e15852c0 2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.i586.rpm\n 81f412da40ea14bcc23d420d7a5724f9 2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.i586.rpm\n 76e0ece3c0b6f507340871a168a57e36 2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.i586.rpm\n 6ded58e85ed113718cfb3484ae420bb9 2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.i586.rpm\n c76f6648e88de4a63991eac66c3fba04 2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.i586.rpm\n 1c7ab93275bcdcf30ed9ec2ddb4893df 2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.i586.rpm\n 60279919aa5f17c2ecd9f64db87cb952 2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm\n c446c046409b6697a863868fe5c64222 2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm\n e726300336f737c8952f664bf1866d6f 2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm\n e9e30596eceb0bc9a03f7880cd7d14ea 2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm\n 4168c73cba97276fa4868b4ac2c7eb19 2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm\n 6a7df29f5af703d10d7ea1fee160ac00 2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm\n e56e14c28051ec4332cbde8dbee7bb6a 2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm\n 1a144c86fd8db39e2801117296e15d2b 2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm\n f4889d2ee6e07c0141b57ab9aaccae64 2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm\n dee0f7bc91c797e880fff19e1cb05a63 2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm\n 45724f6ceed66701392bd131feaf1f6d 2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm\n cc680cac7fea3f7f8a48a5daf86db088 2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm\n 69b04335c21313262af4253863109cc8 2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm\n 2aab89244a535afcbc25271df5d6b33f 2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm\n f1c7f71d5484c5047b1b38fc16888ae3 2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm\n 3963e3c3a2c38c41d9d3bc5250b124a6 2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm\n bb54aed17a126a9e8568d49866db99ea 2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm\n 2a1b11f2c8944bc1fc0d313d54a903cf 2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm\n 783c5b3c0fb9916e07f220110155476d 2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm\n 895e315731fa0b453045cc39da4f5358 2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm\n daa0a127d2a1a3641d4e97bfb95f1647 2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm\n 0c778b0738b11dfd5d68be48fa6316ed 2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm\n 7025d0118cf29e39117bd87c586e84a3 2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm\n 5d8b8e869f588c0f5751e9ce7addba45 2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm\n c5148674a8c7dd1f88c5729293f899ba 2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm\n 91d490c075473e2443e383201b961cb8 2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm\n 622ae4619d151bb1634113e50b30fbac 2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm\n e6d64c14929d299e2fb52e334ae6641a 2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm\n 20f64c6dfd6aa1450cba5002d42f53d8 2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm\n b93a6b548bb1cf0f8cc46dec133e81a3 2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm\n f5603b65b3d10fa5083934e08d2d4560 2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm\n c0e978ea92b4a8f3aa75dad5ab7588b9 2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm\n 93cb0acaeddb095d13b37aeb0ab4dd49 2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n d52f4955f15f99137dd9a0b2f360c8b2 x86_64/2006.0/RPMS/devhelp-0.10-7.1.20060mdk.x86_64.rpm\n 369457b4a09c07ba18ee5bb18fb2ffa1 x86_64/2006.0/RPMS/epiphany-1.8.5-4.1.20060mdk.x86_64.rpm\n 76735684f3ff493770e374a90fd359c7 x86_64/2006.0/RPMS/epiphany-devel-1.8.5-4.1.20060mdk.x86_64.rpm\n 5da75ab6624f8c8f0c212ce2299d645f x86_64/2006.0/RPMS/galeon-2.0.1-1.1.20060mdk.x86_64.rpm\n 945059b9456c9ff2ccd40ff4a6d8ae70 x86_64/2006.0/RPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.noarch.rpm\n 193f97760bb46e16051ba7b6b968f340 x86_64/2006.0/RPMS/lib64devhelp-1_0-0.10-7.1.20060mdk.x86_64.rpm\n 1b67733b0450cd6572c9879c0eb38640 x86_64/2006.0/RPMS/lib64devhelp-1_0-devel-0.10-7.1.20060mdk.x86_64.rpm\n 115fcbc6c99bf063cd1768d2b08e9d89 x86_64/2006.0/RPMS/lib64nspr4-1.5.0.6-1.4.20060mdk.x86_64.rpm\n 686404fa32e2625f23b19e11c548bbe5 x86_64/2006.0/RPMS/lib64nspr4-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm\n f0886b330d3f5af566af6cf5572ca671 x86_64/2006.0/RPMS/lib64nspr4-static-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm\n 10e9abdcb3f952c4db35c85fe58ad8ad x86_64/2006.0/RPMS/lib64nss3-1.5.0.6-1.4.20060mdk.x86_64.rpm\n 202bab2742f162d1cbd6d36720e6f7fb x86_64/2006.0/RPMS/lib64nss3-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm\n e9aaff3090a4459b57367f4903b0458a x86_64/2006.0/RPMS/libnspr4-1.5.0.6-1.4.20060mdk.i586.rpm\n fa99cbc159722cc0ff9e5710f24ca599 x86_64/2006.0/RPMS/libnspr4-devel-1.5.0.6-1.4.20060mdk.i586.rpm\n d4d45b797ca2f2347c0409d9f956ff25 x86_64/2006.0/RPMS/libnspr4-static-devel-1.5.0.6-1.4.20060mdk.i586.rpm\n 8d33e72703090a911f7fd171ad9dd719 x86_64/2006.0/RPMS/libnss3-1.5.0.6-1.4.20060mdk.i586.rpm\n 23afd287c042c5492c210255554a6893 x86_64/2006.0/RPMS/libnss3-devel-1.5.0.6-1.4.20060mdk.i586.rpm\n 74811077c91dde3bc8c8bae45e5862a7 x86_64/2006.0/RPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.x86_64.rpm\n 75711988a67bf3f36fc08823561bb2b7 x86_64/2006.0/RPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 5bd9ad43769390549ab3c4549c971db7 x86_64/2006.0/RPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.x86_64.rpm\n dfdd808e2ec0866c15db5f1ea6a5b5bd x86_64/2006.0/RPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 1fad19f458ce0aa50e86710ed3b7fe04 x86_64/2006.0/RPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 743e8d4f009ab2d2fc2e8c131244fb57 x86_64/2006.0/RPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 476ee9a87f650a0ef3523a9619f9f611 x86_64/2006.0/RPMS/mozilla-firefox-devel-1.5.0.6-1.4.20060mdk.x86_64.rpm\n be48721cbc6e5634b50ce5b6cfe4a951 x86_64/2006.0/RPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.x86_64.rpm\n e56ce18466e20db3189e035329c606ce x86_64/2006.0/RPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 489e5940c9ac9573842888ff07436e4c x86_64/2006.0/RPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 73d2eb2fc6ec99a1d3eeb94d9ddff36e x86_64/2006.0/RPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.x86_64.rpm\n acbd3cd5f82b47a6c6cb03ebd6ca25ae x86_64/2006.0/RPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 362807f9da1130dd8da606b9ded06311 x86_64/2006.0/RPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.x86_64.rpm\n e48c991fa555d22d1f382baa83dfcae9 x86_64/2006.0/RPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 0d954f47de6d2cc58e36cd2c9ddae09c x86_64/2006.0/RPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 8f615598d04985a0d60a3469ea3044ed x86_64/2006.0/RPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.x86_64.rpm\n f4810510feb31e6195358c5ddd87252f x86_64/2006.0/RPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 537d53b7805ac84009f2ff99e3282b91 x86_64/2006.0/RPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.x86_64.rpm\n afbc9ee04902213758bbf262b732de21 x86_64/2006.0/RPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.x86_64.rpm\n dcef8c7676529394e5fbd4168f8e2cd6 x86_64/2006.0/RPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.x86_64.rpm\n f4ee0e7ecba430fd3ce5e8ebeda9b5c1 x86_64/2006.0/RPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 778261355184ca73cbf1aab1ce56644d x86_64/2006.0/RPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 10ca4e7f4cf10c380849ced0bf83e08b x86_64/2006.0/RPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 427cabc08ec66e1a45bc27e5625f49bb x86_64/2006.0/RPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.x86_64.rpm\n de4e61d4fce7cd286bb4a3778cb8499f x86_64/2006.0/RPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 86e9af4c42b59e32d4e5ac0a8d1afe30 x86_64/2006.0/RPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 126b1e0826330986fbf485eabade949d x86_64/2006.0/RPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.x86_64.rpm\n d2e6da2db277b7f5dabed3e95d4b818b x86_64/2006.0/RPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.x86_64.rpm\n a83edee07d2465cf55024ed1b7aa779f x86_64/2006.0/RPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.x86_64.rpm\n 9e33e2a0c3d4a92a0b420c417fcd3469 x86_64/2006.0/RPMS/yelp-2.10.0-6.1.20060mdk.x86_64.rpm\n 60279919aa5f17c2ecd9f64db87cb952 x86_64/2006.0/SRPMS/devhelp-0.10-7.1.20060mdk.src.rpm\n c446c046409b6697a863868fe5c64222 x86_64/2006.0/SRPMS/epiphany-1.8.5-4.1.20060mdk.src.rpm\n e726300336f737c8952f664bf1866d6f x86_64/2006.0/SRPMS/galeon-2.0.1-1.1.20060mdk.src.rpm\n e9e30596eceb0bc9a03f7880cd7d14ea x86_64/2006.0/SRPMS/gnome-doc-utils-0.4.4-2.1.20060mdk.src.rpm\n 4168c73cba97276fa4868b4ac2c7eb19 x86_64/2006.0/SRPMS/mozilla-firefox-1.5.0.6-1.4.20060mdk.src.rpm\n 6a7df29f5af703d10d7ea1fee160ac00 x86_64/2006.0/SRPMS/mozilla-firefox-br-1.5.0.6-0.1.20060mdk.src.rpm\n e56e14c28051ec4332cbde8dbee7bb6a x86_64/2006.0/SRPMS/mozilla-firefox-ca-1.5.0.6-0.1.20060mdk.src.rpm\n 1a144c86fd8db39e2801117296e15d2b x86_64/2006.0/SRPMS/mozilla-firefox-cs-1.5.0.6-0.1.20060mdk.src.rpm\n f4889d2ee6e07c0141b57ab9aaccae64 x86_64/2006.0/SRPMS/mozilla-firefox-da-1.5.0.6-0.1.20060mdk.src.rpm\n dee0f7bc91c797e880fff19e1cb05a63 x86_64/2006.0/SRPMS/mozilla-firefox-de-1.5.0.6-0.1.20060mdk.src.rpm\n 45724f6ceed66701392bd131feaf1f6d x86_64/2006.0/SRPMS/mozilla-firefox-el-1.5.0.6-0.1.20060mdk.src.rpm\n cc680cac7fea3f7f8a48a5daf86db088 x86_64/2006.0/SRPMS/mozilla-firefox-es-1.5.0.6-0.1.20060mdk.src.rpm\n 69b04335c21313262af4253863109cc8 x86_64/2006.0/SRPMS/mozilla-firefox-fi-1.5.0.6-0.1.20060mdk.src.rpm\n 2aab89244a535afcbc25271df5d6b33f x86_64/2006.0/SRPMS/mozilla-firefox-fr-1.5.0.6-0.1.20060mdk.src.rpm\n f1c7f71d5484c5047b1b38fc16888ae3 x86_64/2006.0/SRPMS/mozilla-firefox-ga-1.5.0.6-0.1.20060mdk.src.rpm\n 3963e3c3a2c38c41d9d3bc5250b124a6 x86_64/2006.0/SRPMS/mozilla-firefox-he-1.5.0.6-0.1.20060mdk.src.rpm\n bb54aed17a126a9e8568d49866db99ea x86_64/2006.0/SRPMS/mozilla-firefox-hu-1.5.0.6-0.1.20060mdk.src.rpm\n 2a1b11f2c8944bc1fc0d313d54a903cf x86_64/2006.0/SRPMS/mozilla-firefox-it-1.5.0.6-0.1.20060mdk.src.rpm\n 783c5b3c0fb9916e07f220110155476d x86_64/2006.0/SRPMS/mozilla-firefox-ja-1.5.0.6-0.1.20060mdk.src.rpm\n 895e315731fa0b453045cc39da4f5358 x86_64/2006.0/SRPMS/mozilla-firefox-ko-1.5.0.6-0.1.20060mdk.src.rpm\n daa0a127d2a1a3641d4e97bfb95f1647 x86_64/2006.0/SRPMS/mozilla-firefox-nb-1.5.0.6-0.1.20060mdk.src.rpm\n 0c778b0738b11dfd5d68be48fa6316ed x86_64/2006.0/SRPMS/mozilla-firefox-nl-1.5.0.6-0.1.20060mdk.src.rpm\n 7025d0118cf29e39117bd87c586e84a3 x86_64/2006.0/SRPMS/mozilla-firefox-pl-1.5.0.6-0.1.20060mdk.src.rpm\n 5d8b8e869f588c0f5751e9ce7addba45 x86_64/2006.0/SRPMS/mozilla-firefox-pt_BR-1.5.0.6-0.1.20060mdk.src.rpm\n c5148674a8c7dd1f88c5729293f899ba x86_64/2006.0/SRPMS/mozilla-firefox-ro-1.5.0.6-0.1.20060mdk.src.rpm\n 91d490c075473e2443e383201b961cb8 x86_64/2006.0/SRPMS/mozilla-firefox-ru-1.5.0.6-0.1.20060mdk.src.rpm\n 622ae4619d151bb1634113e50b30fbac x86_64/2006.0/SRPMS/mozilla-firefox-sk-1.5.0.6-0.1.20060mdk.src.rpm\n e6d64c14929d299e2fb52e334ae6641a x86_64/2006.0/SRPMS/mozilla-firefox-sl-1.5.0.6-0.1.20060mdk.src.rpm\n 20f64c6dfd6aa1450cba5002d42f53d8 x86_64/2006.0/SRPMS/mozilla-firefox-sv-1.5.0.6-0.1.20060mdk.src.rpm\n b93a6b548bb1cf0f8cc46dec133e81a3 x86_64/2006.0/SRPMS/mozilla-firefox-tr-1.5.0.6-0.1.20060mdk.src.rpm\n f5603b65b3d10fa5083934e08d2d4560 x86_64/2006.0/SRPMS/mozilla-firefox-zh_CN-1.5.0.6-0.1.20060mdk.src.rpm\n c0e978ea92b4a8f3aa75dad5ab7588b9 x86_64/2006.0/SRPMS/mozilla-firefox-zh_TW-1.5.0.6-0.1.20060mdk.src.rpm\n 93cb0acaeddb095d13b37aeb0ab4dd49 x86_64/2006.0/SRPMS/yelp-2.10.0-6.1.20060mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFE41l0mqjQ0CJFipgRAu1DAJ90MqoteYoIfAj0Gqim5fxrvOw7BACg0xq5\nL8QZWCg0xY3ZRacFzNTgusw=\n=gl6u\n-----END PGP SIGNATURE-----\n\n. ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-06-025.html\nJuly 26, 2006\n\n-- CVE ID:\nCVE-2006-3677\n\n-- Affected Vendor:\nMozilla\n\n-- Affected Products:\nFirefox 1.5.0 - 1.5.0.4\nSeaMonkey 1.0 - 1.0.2\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability since July 26, 2006 by Digital Vaccine protection\nfilter ID 4326. More information is detailed in MFSA2006-45:\n\n http://www.mozilla.org/security/announce/2006/mfsa2006-45.html\n\n-- Disclosure Timeline:\n2006.06.16 - Vulnerability reported to vendor\n2006.07.25 - Vulnerability information provided to ZDI security partners\n2006.07.26 - Digital Vaccine released to TippingPoint customers\n2006.07.26 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by an anonymous researcher. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-3677"
},
{
"db": "CERT/CC",
"id": "VU#670060"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000445"
},
{
"db": "ZDI",
"id": "ZDI-06-025"
},
{
"db": "BID",
"id": "19181"
},
{
"db": "BID",
"id": "19192"
},
{
"db": "VULHUB",
"id": "VHN-19785"
},
{
"db": "PACKETSTORM",
"id": "48662"
},
{
"db": "PACKETSTORM",
"id": "48661"
},
{
"db": "PACKETSTORM",
"id": "49029"
},
{
"db": "PACKETSTORM",
"id": "49032"
},
{
"db": "PACKETSTORM",
"id": "48601"
},
{
"db": "PACKETSTORM",
"id": "49350"
},
{
"db": "PACKETSTORM",
"id": "48641"
}
],
"trust": 4.23
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-19785",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19785"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-3677",
"trust": 4.4
},
{
"db": "BID",
"id": "19181",
"trust": 3.6
},
{
"db": "ZDI",
"id": "ZDI-06-025",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#670060",
"trust": 3.3
},
{
"db": "BID",
"id": "19192",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA06-208A",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "19873",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "21216",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2006-2998",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0083",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3748",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21336",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "22066",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21529",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21361",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21243",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21532",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21246",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21229",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21262",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21343",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21269",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "22210",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21270",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016587",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016586",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "21631",
"trust": 1.1
},
{
"db": "USCERT",
"id": "SA06-208A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000445",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-055",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200607-482",
"trust": 0.7
},
{
"db": "REDHAT",
"id": "RHSA-2006:0609",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2006:0608",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2006:0611",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2006:0594",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2006:0610",
"trust": 0.6
},
{
"db": "CONFIRM",
"id": "HTTP://WWW.MOZILLA.ORG/SECURITY/ANNOUNCE/2006/MFSA2006-45.HTML",
"trust": 0.6
},
{
"db": "UBUNTU",
"id": "USN-354-1",
"trust": 0.6
},
{
"db": "UBUNTU",
"id": "USN-327-1",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SA:2006:048",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060726 ZDI-06-025: MOZILLA FIREFOX JAVASCRIPT NAVIGATOR OBJECT VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060727 RPSA-2006-0137-1 FIREFOX",
"trust": 0.6
},
{
"db": "XF",
"id": "39998",
"trust": 0.6
},
{
"db": "XF",
"id": "27981",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA06-208A",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200608-02",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200608-03",
"trust": 0.6
},
{
"db": "HP",
"id": "SSRT061181",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDKSA-2006:145",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDKSA-2006:143",
"trust": 0.6
},
{
"db": "SGI",
"id": "20060703-01-P",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "48641",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-70818",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-63754",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-66996",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "2082",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "9946",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16300",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82262",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48773",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-19785",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48662",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49029",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49032",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "21228",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48601",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49350",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#670060"
},
{
"db": "ZDI",
"id": "ZDI-06-025"
},
{
"db": "VULHUB",
"id": "VHN-19785"
},
{
"db": "BID",
"id": "19181"
},
{
"db": "BID",
"id": "19192"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000445"
},
{
"db": "PACKETSTORM",
"id": "48662"
},
{
"db": "PACKETSTORM",
"id": "48661"
},
{
"db": "PACKETSTORM",
"id": "49029"
},
{
"db": "PACKETSTORM",
"id": "49032"
},
{
"db": "PACKETSTORM",
"id": "48601"
},
{
"db": "PACKETSTORM",
"id": "49350"
},
{
"db": "PACKETSTORM",
"id": "48641"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-482"
},
{
"db": "NVD",
"id": "CVE-2006-3677"
}
]
},
"id": "VAR-200607-0664",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-19785"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:51:25.312000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "mfsa2006-45",
"trust": 1.5,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-45.html"
},
{
"title": "HPSBUX02153",
"trust": 0.8,
"url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00771742"
},
{
"title": "HPSBUX02153",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02153.html"
},
{
"title": "seamonkey (V2.x)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=984"
},
{
"title": "mfsa2006-45",
"trust": 0.8,
"url": "http://www.mozilla-japan.org/security/announce/2006/mfsa2006-45.html"
},
{
"title": "RHSA-2006:0608",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2006-0608.html"
},
{
"title": "RHSA-2006:0594",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2006-0594.html"
},
{
"title": "RHSA-2006:0610",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2006-0610.html"
},
{
"title": "RHSA-2006:0611",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2006-0611.html"
},
{
"title": "RHSA-2006:0609",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2006-0609.html"
},
{
"title": "RHSA-2006:0608",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0608j.html"
},
{
"title": "RHSA-2006:0594",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0594j.html"
},
{
"title": "RHSA-2006:0610",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0610j.html"
},
{
"title": "RHSA-2006:0611",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0611j.html"
},
{
"title": "RHSA-2006:0609",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0609j.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-06-025"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000445"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-19785"
},
{
"db": "NVD",
"id": "CVE-2006-3677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.securityfocus.com/bid/19181"
},
{
"trust": 3.2,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-45.html"
},
{
"trust": 2.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-06-025.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/19192"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-208a.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/670060"
},
{
"trust": 2.3,
"url": "http://rhn.redhat.com/errata/rhsa-2006-0609.html"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"trust": 1.7,
"url": "https://issues.rpath.com/browse/rpl-536"
},
{
"trust": 1.7,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:143"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:145"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2006-0594.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2006-0608.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2006-0610.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2006-0611.html"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016586"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016587"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/19873"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21216"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21229"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21243"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21246"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21262"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21269"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21270"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21336"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21343"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21361"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21529"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21532"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22210"
},
{
"trust": 1.7,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-u.asc"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"trust": 1.2,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-44.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/441332/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10745"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/21631"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/22066"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/327-1/"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/2998"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39998"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27981"
},
{
"trust": 1.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3677"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/19873/"
},
{
"trust": 0.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=342267 "
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21216/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-208a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta06-208a/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-3677"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa06-208a.html"
},
{
"trust": 0.6,
"url": "http://rhn.redhat.com/errata/rhsa-2006-0608.html"
},
{
"trust": 0.6,
"url": "http://rhn.redhat.com/errata/rhsa-2006-0594.html"
},
{
"trust": 0.6,
"url": "http://rhn.redhat.com/errata/rhsa-2006-0610.html"
},
{
"trust": 0.6,
"url": "http://rhn.redhat.com/errata/rhsa-2006-0611.html"
},
{
"trust": 0.6,
"url": "/archive/1/441333"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/2998"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/27981"
},
{
"trust": 0.6,
"url": "http://www.ubuntulinux.org/support/documentation/usn/usn-327-1"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/441333/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/441332/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:145"
},
{
"trust": 0.6,
"url": "http://frontal2.mandriva.com/security/advisories?name=mdksa-2006:143"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/39998"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0083"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3748"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-46.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-47.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-48.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-49.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-50.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-51.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-52.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-53.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-54.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-55.html"
},
{
"trust": 0.4,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-56.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3677"
},
{
"trust": 0.3,
"url": "http://r.your.hp.com/r/c/r?1.1.hx.dc.w2ce*.ctgd3g..t.e4wu.1_wg.31xxao"
},
{
"trust": 0.3,
"url": "http://r.your.hp.com/r/c/r?1.1.hx.dc.w2ce*.ctgd3g..t.e4ww.1_wg.31u1aq"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2006-53/advisory/"
},
{
"trust": 0.3,
"url": "http://lists.grok.org.uk"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1"
},
{
"trust": 0.3,
"url": "https://www.it-isac.org/postings/cyber/uscertalerts.php"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-155.htm"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-311.htm"
},
{
"trust": 0.3,
"url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1188588104897+28353475\u0026docid=c00771742"
},
{
"trust": 0.3,
"url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1174502331230+28353475\u0026docid=c00774579"
},
{
"trust": 0.3,
"url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1188583914532+28353475\u0026docid=c00774579"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html"
},
{
"trust": 0.3,
"url": "/archive/1/441332"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3803"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3810"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3113"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3809"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3802"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3808"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3806"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3812"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3801"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3811"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3805"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3807"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3803"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3113"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3801"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3806"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3804"
},
{
"trust": 0.2,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3804"
},
{
"trust": 0.2,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3809"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3812"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5.orig.tar.gz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3810"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3802"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.5-0ubuntu6.06.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.5-0ubuntu6.06_amd64.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3808"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/browser_security.html#mozilla_firefox\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=firefox_1505\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3806\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-208a.html\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3803\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3811\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3113\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3801\u003e"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3677\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3805\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3804\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3807\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-200608-03.xml"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9735/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21228/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2637/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4652/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2786"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-37.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2775"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-34.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2785"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2777"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2785"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2776"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2784"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2779"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2788"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2777"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-36.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-35.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2786"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2778"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-33.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-42.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-41.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2782"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2784"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2775"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2894"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-31.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-32.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2613"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-43.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2894"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2613"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#670060"
},
{
"db": "ZDI",
"id": "ZDI-06-025"
},
{
"db": "VULHUB",
"id": "VHN-19785"
},
{
"db": "BID",
"id": "19181"
},
{
"db": "BID",
"id": "19192"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000445"
},
{
"db": "PACKETSTORM",
"id": "48662"
},
{
"db": "PACKETSTORM",
"id": "48661"
},
{
"db": "PACKETSTORM",
"id": "49029"
},
{
"db": "PACKETSTORM",
"id": "49032"
},
{
"db": "PACKETSTORM",
"id": "48601"
},
{
"db": "PACKETSTORM",
"id": "49350"
},
{
"db": "PACKETSTORM",
"id": "48641"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-482"
},
{
"db": "NVD",
"id": "CVE-2006-3677"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#670060"
},
{
"db": "ZDI",
"id": "ZDI-06-025"
},
{
"db": "VULHUB",
"id": "VHN-19785"
},
{
"db": "BID",
"id": "19181"
},
{
"db": "BID",
"id": "19192"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000445"
},
{
"db": "PACKETSTORM",
"id": "48662"
},
{
"db": "PACKETSTORM",
"id": "48661"
},
{
"db": "PACKETSTORM",
"id": "49029"
},
{
"db": "PACKETSTORM",
"id": "49032"
},
{
"db": "PACKETSTORM",
"id": "48601"
},
{
"db": "PACKETSTORM",
"id": "49350"
},
{
"db": "PACKETSTORM",
"id": "48641"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-482"
},
{
"db": "NVD",
"id": "CVE-2006-3677"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-07-27T00:00:00",
"db": "CERT/CC",
"id": "VU#670060"
},
{
"date": "2006-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-06-025"
},
{
"date": "2006-07-27T00:00:00",
"db": "VULHUB",
"id": "VHN-19785"
},
{
"date": "2006-07-26T00:00:00",
"db": "BID",
"id": "19181"
},
{
"date": "2006-07-26T00:00:00",
"db": "BID",
"id": "19192"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000445"
},
{
"date": "2006-07-28T03:34:15",
"db": "PACKETSTORM",
"id": "48662"
},
{
"date": "2006-07-28T03:32:28",
"db": "PACKETSTORM",
"id": "48661"
},
{
"date": "2006-08-17T08:49:38",
"db": "PACKETSTORM",
"id": "49029"
},
{
"date": "2006-08-17T08:57:00",
"db": "PACKETSTORM",
"id": "49032"
},
{
"date": "2006-07-28T01:04:26",
"db": "PACKETSTORM",
"id": "48601"
},
{
"date": "2006-08-27T17:51:09",
"db": "PACKETSTORM",
"id": "49350"
},
{
"date": "2006-07-28T02:51:08",
"db": "PACKETSTORM",
"id": "48641"
},
{
"date": "2006-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-482"
},
{
"date": "2006-07-27T19:04:00",
"db": "NVD",
"id": "CVE-2006-3677"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-02-09T00:00:00",
"db": "CERT/CC",
"id": "VU#670060"
},
{
"date": "2006-07-26T00:00:00",
"db": "ZDI",
"id": "ZDI-06-025"
},
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-19785"
},
{
"date": "2007-09-05T15:42:00",
"db": "BID",
"id": "19181"
},
{
"date": "2007-09-05T02:11:00",
"db": "BID",
"id": "19192"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000445"
},
{
"date": "2006-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-482"
},
{
"date": "2018-10-18T16:48:49.630000",
"db": "NVD",
"id": "CVE-2006-3677"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "48661"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-482"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Firefox Javascript Navigator Object Remote Code Execution Vulnerability",
"sources": [
{
"db": "BID",
"id": "19192"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-482"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-482"
}
],
"trust": 0.6
}
}
var-200611-0368
Vulnerability from variot
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password. Mozilla According to, there have been reports of phishing cases where this password manager issue was exploited. Mozilla Firefox is reportedly prone to an information-disclosure weakness because it fails to properly notify users of the automatic population of form fields in disparate URLs deriving from the same domain. Exploiting this issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to access potentially sensitive information that would facilitate the success of phishing attacks. Initial reports and preliminary testing indicate that this issue affects only Firefox 2. UPDATE: Firefox 2.0.0.10 is still vulnerable to the issue. UPDATE (March 17, 2008): Unconfirmed reports indicate that this issue affects Firefox 2.0.0.12; we will update this BID as more information emerges. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200703-08
http://security.gentoo.org/
Severity: Normal Title: SeaMonkey: Multiple vulnerabilities Date: March 09, 2007 Bugs: #165555 ID: 200703-08
Synopsis
Multiple vulnerabilities have been reported in SeaMonkey, some of which may allow user-assisted arbitrary remote code execution.
Background
The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/seamonkey < 1.1.1 >= 1.1.1 2 www-client/seamonkey-bin < 1.1.1 >= 1.1.1 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. -------------------------------------------------------------------
Description
Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects SeaMonkey. Various researchers reported some errors in the JavaScript engine potentially leading to memory corruption. SeaMonkey also contains minor vulnerabilities involving cache collision and unsafe pop-up restrictions, filtering or CSS rendering under certain conditions. All those vulnerabilities are the same as in GLSA 200703-04 affecting Mozilla Firefox.
Impact
An attacker could entice a user to view a specially crafted web page or to read a specially crafted email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code. It is also possible for an attacker to spoof the address bar, steal information through cache collision, bypass the local file protection mechanism with pop-ups, or perform cross-site scripting attacks, leading to the exposure of sensitive information, such as user credentials.
Workaround
There is no known workaround at this time for all of these issues, but most of them can be avoided by disabling JavaScript. Note that the execution of JavaScript is disabled by default in the SeaMonkey email client, and enabling it is strongly discouraged.
Resolution
Users upgrading to the following release of SeaMonkey should note that the corresponding Mozilla Firefox upgrade has been found to lose the saved passwords file in some cases. The saved passwords are encrypted and stored in the 'signons.txt' file of ~/.mozilla/ and we advise our users to save that file before performing the upgrade.
All SeaMonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.1"
All SeaMonkey binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.1"
References
[ 1 ] CVE-2006-6077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077 [ 2 ] CVE-2007-0775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775 [ 3 ] CVE-2007-0776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776 [ 4 ] CVE-2007-0777 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777 [ 5 ] CVE-2007-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778 [ 6 ] CVE-2007-0779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779 [ 7 ] CVE-2007-0780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780 [ 8 ] CVE-2007-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800 [ 9 ] CVE-2007-0801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0801 [ 10 ] CVE-2007-0981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 [ 11 ] CVE-2007-0995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995 [ 12 ] Mozilla Password Loss Bug https://bugzilla.mozilla.org/show_bug.cgi?id=360493#c366
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200703-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Try it out online: http://secunia.com/software_inspector/
TITLE: Netscape Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24289
VERIFY ADVISORY: http://secunia.com/advisories/24289/
CRITICAL: Highly critical
IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE: Netscape 8.x http://secunia.com/product/5134/
DESCRIPTION: Multiple vulnerabilities have been reported in Netscape, which can be exploited by malicious people to bypass certain security restrictions, gain knowledge of sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
See vulnerabilities #1, #2, #6, and #7 for more information: SA24205
The vulnerabilities have been reported in version 8.1.2.
SOLUTION: Do not browse untrusted sites and disable Javascript.
ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2007/mfsa2007-02.html http://www.mozilla.org/security/announce/2007/mfsa2007-03.html http://www.mozilla.org/security/announce/2007/mfsa2007-06.html http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
OTHER REFERENCES: SA24175: http://secunia.com/advisories/24175/
SA24205: http://secunia.com/advisories/24205/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA 1336-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff July 22nd, 2007 http://www.debian.org/security/faq
Package : mozilla-firefox Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 CVE-2006-6077
Several remote vulnerabilities have been discovered in Mozilla Firefox.
This will be the last security update of Mozilla-based products for the oldstable (sarge) distribution of Debian. We recommend to upgrade to stable (etch) as soon as possible.
The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CVE-2007-1282
It was discovered that an integer overflow in text/enhanced message
parsing allows the execution of arbitrary code.
CVE-2007-0994
It was discovered that a regression in the Javascript engine allows
the execution of Javascript with elevated privileges.
CVE-2007-0995
It was discovered that incorrect parsing of invalid HTML characters
allows the bypass of content filters.
CVE-2007-0996
It was discovered that insecure child frame handling allows cross-site
scripting.
CVE-2007-0981
It was discovered that Firefox handles URI withs a null byte in the
hostname insecurely.
CVE-2007-0008
It was discovered that a buffer overflow in the NSS code allows the
execution of arbitrary code.
CVE-2007-0009
It was discovered that a buffer overflow in the NSS code allows the
execution of arbitrary code.
CVE-2007-0775
It was discovered that multiple programming errors in the layout engine
allow the execution of arbitrary code.
CVE-2007-0778
It was discovered that the page cache calculates hashes in an insecure
manner.
CVE-2006-6077
It was discovered that the password manager allows the disclosure of
passwords.
For the oldstable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge17. You should upgrade to etch as soon as possible.
The stable distribution (etch) isn't affected. These vulnerabilities have been fixed prior to the release of Debian etch.
The unstable distribution (sid) no longer contains mozilla-firefox. Iceweasel is already fixed.
Upgrade Instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.dsc
Size/MD5 checksum: 1641 36715bb647cb3b7cd117edee90a34bfd
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.diff.gz
Size/MD5 checksum: 553311 4ba992e60e5c6b156054c5105b1134ae
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_alpha.deb
Size/MD5 checksum: 11221890 5d8d1de73d162edf8ddbaa40844bb454
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_alpha.deb
Size/MD5 checksum: 172696 42d5c31ec7a2e3163846c347f04773df
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_alpha.deb
Size/MD5 checksum: 63574 238529b9d4ae396dc01d786d4fb843b4
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_amd64.deb
Size/MD5 checksum: 9429140 8394fcd85a7218db784160702efc5249
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_amd64.deb
Size/MD5 checksum: 166496 795a8ec3e1aa1b0a718ad6f4439670ef
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_amd64.deb
Size/MD5 checksum: 62022 ef315cc90c3780ff151cd2271e913859
ARM architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_arm.deb
Size/MD5 checksum: 8244544 71eaf9cb5418a77410ff12c7f36eb32b
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_arm.deb
Size/MD5 checksum: 157966 5e2e22d04a33ccbc0e6b19b4c4d43492
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_arm.deb
Size/MD5 checksum: 57358 6f34a7a02114e48cadc6860b86f75130
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_hppa.deb
Size/MD5 checksum: 10301620 3700a0b7dcb0ab061b3521e2a3f232f9
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_hppa.deb
Size/MD5 checksum: 169432 387b8fa52d406dfdd26c3adc3ccac615
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_hppa.deb
Size/MD5 checksum: 62500 80addaf2d87b6952fdc9104c5fc9dfde
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_i386.deb
Size/MD5 checksum: 8919924 8fc67257357687c8611b3e4e5389aee4
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_i386.deb
Size/MD5 checksum: 161684 6c989c4276e34c6031b6185418a8ddb1
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_i386.deb
Size/MD5 checksum: 58896 7e48aa697c8c17f7d22de860a17e7dfd
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_ia64.deb
Size/MD5 checksum: 11664142 aa008699700ba3c8b45d3a8961e99192
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_ia64.deb
Size/MD5 checksum: 172030 e79af50f04490de310cda7f6ce652d44
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_ia64.deb
Size/MD5 checksum: 66718 8cabdbf0919ac447c5d492ef6227d9af
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_m68k.deb
Size/MD5 checksum: 8196148 e3544446b371fd7ed4b79e53f69b556a
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_m68k.deb
Size/MD5 checksum: 160556 0164d4c0f675a020643ccedf94a55eb8
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_m68k.deb
Size/MD5 checksum: 58168 b429907e69e8daa7d51e45552659da27
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mips.deb
Size/MD5 checksum: 9954006 0eb0513fc950e7cd8abcae9666b24a7b
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mips.deb
Size/MD5 checksum: 159496 ca0585a663a5470d3a62ae0786864beb
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mips.deb
Size/MD5 checksum: 59170 22ea96156de56d046a7afd73d4857419
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mipsel.deb
Size/MD5 checksum: 9831728 dda6865c7290fce658847f0909617c73
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mipsel.deb
Size/MD5 checksum: 159060 e7a7c4db0f5df82f84ceef6827df2bea
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mipsel.deb
Size/MD5 checksum: 58984 b0b02ac1c62041db8d377a7ff40c013c
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_powerpc.deb
Size/MD5 checksum: 8587718 8d219ce9e684b86babfe31db9d7d9658
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_powerpc.deb
Size/MD5 checksum: 159762 41f3707945d5edae6ee1ac90bdef5cab
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_powerpc.deb
Size/MD5 checksum: 60936 1a79408acd12828a3710393e05d99914
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_s390.deb
Size/MD5 checksum: 9667078 5838d957637b4d4c2c19afea0dd68db5
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_s390.deb
Size/MD5 checksum: 167092 4dd6de7299014d5e0c13da8e480a7f3c
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_s390.deb
Size/MD5 checksum: 61472 64d10c667ed4c6c12947c49f5cca8ff6
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_sparc.deb
Size/MD5 checksum: 8680322 241cddabdf91eb14b0a6529ffc84a51d
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_sparc.deb
Size/MD5 checksum: 160304 7887081b85d3ead3994a997608bbe22a
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_sparc.deb
Size/MD5 checksum: 57718 4a4eeeb0815cb03d51f74965403911ad
These files will probably be moved into the oldstable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
iD8DBQFGo5b7Xm3vHE4uyloRAsdgAKDTo6NxeylHh30syJpFeyF5/Yr/XwCdH188 NdI5zd36oN5mVqIDUsqYC3o= =/qY/ -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-428-1 February 26, 2007 firefox vulnerabilities CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10 Ubuntu 6.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 5.10: firefox 1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1
Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1 libnspr4 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1 libnss3 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
Ubuntu 6.10: firefox 2.0.0.2+0dfsg-0ubuntu0.6.10 libnspr4 2.0.0.2+0dfsg-0ubuntu0.6.10 libnss3 2.0.0.2+0dfsg-0ubuntu0.6.10
After a standard system upgrade you need to restart Firefox to effect the necessary changes.
Details follow:
Several flaws have been found that could be used to perform Cross-site scripting attacks. A malicious web site could exploit these to modify the contents or steal confidential data (such as passwords) from other opened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)
The SSLv2 protocol support in the NSS library did not sufficiently check the validity of public keys presented with a SSL certificate. A malicious SSL web site using SSLv2 could potentially exploit this to execute arbitrary code with the user's privileges. (CVE-2007-0008)
The SSLv2 protocol support in the NSS library did not sufficiently verify the validity of client master keys presented in an SSL client certificate. (CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-1092)
Two web pages could collide in the disk cache with the result that depending on order loaded the end of the longer document could be appended to the shorter when the shorter one was reloaded from the cache. It is possible a determined hacker could construct a targeted attack to steal some sensitive data from a particular web page. The potential victim would have to be already logged into the targeted service (or be fooled into doing so) and then visit the malicious site. (CVE-2007-0778)
David Eckel reported that browser UI elements--such as the host name and security indicators--could be spoofed by using custom cursor images and a specially crafted style sheet. (CVE-2007-0779)
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.diff.gz
Size/MD5: 176831 76744cf2123e13143408e37deb2311c0
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.dsc
Size/MD5: 1063 eac4c86acb16ad4cf85604e5cc9f441c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10.orig.tar.gz
Size/MD5: 44679183 d55d439c238064ddcedb8fabb6089ff2
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_all.deb
Size/MD5: 50314 d17e00b536378e1710c918f2b834e513
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_all.deb
Size/MD5: 51208 abdc905b5e3c31c05a427defdc9035bc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb
Size/MD5: 3167242 01f67e394a7b569df52fd02513712811
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb
Size/MD5: 217230 bc5d29d293abc4665c052c0fc76aef79
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb
Size/MD5: 83544 d7978eba50c0e82d4e3606240e38e3fa
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb
Size/MD5: 10311286 4ea4f615c24ecceae90e7b432ddb5e4a
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb
Size/MD5: 3167298 571b158ab384827e881ab52d05c7afcb
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb
Size/MD5: 210744 0092218d208b41e1a72b1303a77b3238
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb
Size/MD5: 75946 21eda2226572b3c3143f8e4ab8145ba6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb
Size/MD5: 8712048 66138335623748c529c3050084ceadaa
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb
Size/MD5: 3167330 7cdba77a564720cf82ea475eace3aef5
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb
Size/MD5: 214166 630d44a2240aa9d8790de3db3e9b05ff
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb
Size/MD5: 79138 f4b3d39d326f77acde26161d1d66c84b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb
Size/MD5: 9899346 9066e6747aa0337985a1f29f4e64cffd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb
Size/MD5: 3167284 e6726b6ed59b5c083796ae93c6eedc64
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb
Size/MD5: 211730 b1f127d2df48b09c7b404f09754c71be
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb
Size/MD5: 77516 8b430af0eadfa18b180f2637fafa7a5e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb
Size/MD5: 9227232 727146f6c93a565f8aabda0a1bbfc80b
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1.diff.gz
Size/MD5: 177547 396588ea856af87e8137682342648d1d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1.dsc
Size/MD5: 1120 1625dcf8053738851d0a2978b6f0e315
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10.orig.tar.gz
Size/MD5: 44679183 d55d439c238064ddcedb8fabb6089ff2
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_all.deb
Size/MD5: 50410 66f8a212fb4dbf22b9c8abbb21650d2c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_all.deb
Size/MD5: 51296 8dc3631d49303156f74ba2e0ad72c744
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 47439362 0e8e0cc7f0385fc74a953610f7f41c11
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 2804532 a9c1cd1a790a715b6ad58785cb0eea01
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 217360 f217f66f7563f80f309e065a44a08cfb
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 83620 0b3738208c8069b8a5449a59ae604293
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 9553646 c66621583e808b88663b200ad3238f7a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 220158 e4f1cc5b0c2edc41cf1e4c6aa3051a33
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 163484 e1c0ab1f05132b717751783ccc0c22c1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 245468 10d43347432618aaa140c081c20ed10f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb
Size/MD5: 710556 53cb8cc7e3a7d346630184980df34ff5
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb
Size/MD5: 44003676 a53682ff42f56d8dd494c96d2e3817d5
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb
Size/MD5: 2804534 281bc91e92c6224df7c77b4ce2840e1b
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb
Size/MD5: 210766 0d2d6ecfaa6ad0b629fc78159a8ba0f3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb
Size/MD5: 75992 fc370791f6533f01409d3b369505766a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb
Size/MD5: 8044874 cbda163790d814d785831358cb53cabc
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb
Size/MD5: 220160 2067d9432ff164e7344bd8142bb026ff
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb
Size/MD5: 148072 274cd0206aafa1a5ad02dbe279a37216
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb
Size/MD5: 245474 ed709e80de120a795d79df237b6dd421
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb
Size/MD5: 616162 766f3224ad0924ae1d47c6970a2bfd16
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 48831230 a594a826614ab062cb8e12a5e67a7115
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 2804524 01b3f645267c4b3b166a6dcdebe099cf
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 214208 d5563084e7a175423a1a27d98270c5a7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 79110 fa20295177cf290ee980127c3ed1ff33
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 9215262 f641d7657a284bd049c75d5119512013
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 220160 b684d9f82943b8698b9f369737cd318a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 160684 0919604b7e446d0a7923968ee1d0357b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 245472 d9e5620a0672e46e89a90123430e78ae
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb
Size/MD5: 655490 5c4225025b12a75900899859c6b616d1
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 45406824 2ade39640c714000138eec2c5b8691f9
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 2804570 0f0d35704d9f00e41c3ccce5535cb9ce
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 211712 f88704bb8c6671debcfae882f408c607
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 77564 d5b89bc054fb2c6cf0089b04c727d0a7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 8571602 6eb03eae7ffb19c3afc766a016d2e723
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 220156 a92bbd2e0e9a936355abeaae9376264c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 150554 85be23282c348b3de7bf3786aa56a5a6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 245474 dd03340bae55531e40a887ad5204c774
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb
Size/MD5: 599816 04b5ea1db1aa17f292481d913eddecb5
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10.diff.gz
Size/MD5: 322293 4d8894d022833e46c25d5e6ce269ee5b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10.dsc
Size/MD5: 1218 c6708c7c771a995e0ec709cc022ce61a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg.orig.tar.gz
Size/MD5: 46466665 f6dad051f9995ebba310e8cd6497ae9f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 236878 52d4d42a0881949da47a5f7946d2edec
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 55668 a379aaf8d4f67465c0e71aaa852a3b8a
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dom-inspector_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 55762 aea5774743b8e3bc90c8349099e9c423
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 55776 85b1c150c432f3fc2038a5ff3a5804ed
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb
Size/MD5: 56574 91e46691914551281676003e3b6589bb
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 50341952 381fc5626f047660d2bdd680824db54d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 3120906 263ed42e4bdbcc4ba3010744cb900160
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 90062 198b64dcde3d7e1eb9bed2aeb32ce808
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 10399974 e3adef875d5fefa75c56fdf614183bdc
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 225444 9a1465fcc7386edba0fb81d00079066e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 168168 1ccb3b97ed970c07bbdf6fb769f2e4b5
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 250820 df7c647e48cb8941a0421d5f1a5c4661
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb
Size/MD5: 862110 87c01e4266d1c06d1097e5f8a58806d2
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 49498816 4c61ffe25628585a91e1d90180997343
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 3111488 1ec3b0bbe8564828421f381ed8b0d5fb
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 83792 91c2b8d2410921fd6e19c742e9552550
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 9225462 4c0d2cb608ee830bdc38b7f8d89f9a33
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 225434 5293ae8d41c018d4a956555c189fd7f6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 157774 cc2c474e306b1d80db79cdba936c2ee6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 250794 42e6e643fb73ae668e569ec3d5052ea9
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb
Size/MD5: 785948 fefc874278ea69ba2a8b518d6826e158
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 52033226 d7ddf5236086638446d6ea4775c833ee
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 3117424 0a5038c00b1997b6c7b72f16e1ca85e7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 85668 25e4f56d5311cc9e3a0ecaf28d6189ff
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 10067834 1758c9d69c571c0d7bf9ec20b74e2a33
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 225432 241089d26f31cb5e0816debe7b09a55d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 166830 dd932812a920701677df9b3bf9970023
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 250798 65cddc61ad6f809004d342dcdf07c2cc
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb
Size/MD5: 860802 217ffcce7a3a99cabd9b4cff500281a8
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 49550142 e432529be2a2c6b7b327ede81d2cc1c3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 3108058 4a2bc97252c385fe323b56b7fb03c64f
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 83484 8d24e2420d7d2188a620674aa566956d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 9493984 e311cd75fa46ed1a47958f6883ea65aa
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 225444 fdcd4bf5450574bcbe7d3aca89dbc403
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 155678 a99e5fc7bef8c29e0e89c48288144fc6
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 250800 dd3473d37b593e55c82f5dce245bebe0
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb
Size/MD5: 766616 ba23d67757ddc39888e92f6af56ec67d
.
Update:
A regression was found in the latest Firefox packages provided where changes to library paths caused applications that depended on the NSS libraries (such as Thunderbird and Evolution) to fail to start or fail to load certain SSL-related security components. These new packages correct that problem and we apologize for any inconvenience the previous update may have caused.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1092 http://www.mozilla.org/security/announce/2007/mfsa2007-01.html http://www.mozilla.org/security/announce/2007/mfsa2007-02.html http://www.mozilla.org/security/announce/2007/mfsa2007-03.html http://www.mozilla.org/security/announce/2007/mfsa2007-04.html http://www.mozilla.org/security/announce/2007/mfsa2007-05.html http://www.mozilla.org/security/announce/2007/mfsa2007-06.html http://www.mozilla.org/security/announce/2007/mfsa2007-07.html http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
Updated Packages:
Mandriva Linux 2007.0: 411bc0bdd8dc32950a84c77ed3319508 2007.0/i586/libmozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.i586.rpm 9ceb031931003fb861882f4455c6648b 2007.0/i586/libmozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.i586.rpm db615eadf763927182c8657d11b1ae54 2007.0/i586/libnspr4-1.5.0.10-2mdv2007.0.i586.rpm bd7dca3e972f552b5dd347822e17f1e1 2007.0/i586/libnspr4-devel-1.5.0.10-2mdv2007.0.i586.rpm bb4709aa4bf277e32c25e07d93641802 2007.0/i586/libnspr4-static-devel-1.5.0.10-2mdv2007.0.i586.rpm babf7d44d0340cd51f45249d3002180e 2007.0/i586/libnss3-1.5.0.10-2mdv2007.0.i586.rpm 19a967982b748b879b1904d5bcea174d 2007.0/i586/libnss3-devel-1.5.0.10-2mdv2007.0.i586.rpm 6333bab7a5d530836fa5a64383bcdd30 2007.0/i586/mozilla-firefox-1.5.0.10-2mdv2007.0.i586.rpm 72672b4bbfcc4f13d5820a4c11bca547 2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 9fe9779d9d02f0aa73d28096cc237d00 2007.0/x86_64/lib64mozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.x86_64.rpm 3c0a879b450f5c2569eb81d397a82906 2007.0/x86_64/lib64mozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.x86_64.rpm 338d81330e754d5ffd22dea67c2fbfd2 2007.0/x86_64/lib64nspr4-1.5.0.10-2mdv2007.0.x86_64.rpm 0c840ec9a78c48d975db6bca80e53caa 2007.0/x86_64/lib64nspr4-devel-1.5.0.10-2mdv2007.0.x86_64.rpm 3f1ba2da63bf990b3958f184bdf4d96f 2007.0/x86_64/lib64nspr4-static-devel-1.5.0.10-2mdv2007.0.x86_64.rpm cd9ef9efe9f859467a07bfc20899156d 2007.0/x86_64/lib64nss3-1.5.0.10-2mdv2007.0.x86_64.rpm d6243e7d7c76a5ff5a418f7304cdcff2 2007.0/x86_64/lib64nss3-devel-1.5.0.10-2mdv2007.0.x86_64.rpm 0fec2d70c6a797521304598b802d03b1 2007.0/x86_64/mozilla-firefox-1.5.0.10-2mdv2007.0.x86_64.rpm 72672b4bbfcc4f13d5820a4c11bca547 2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm
Corporate 3.0: 24fbf58752279b3a5ec8d186d7c6142b corporate/3.0/i586/libnspr4-1.5.0.10-1.1.C30mdk.i586.rpm cc59dd85bcdc065ed4ee7f3d299e971a corporate/3.0/i586/libnspr4-devel-1.5.0.10-1.1.C30mdk.i586.rpm 284b6bf1210fb854361a9af3062528e1 corporate/3.0/i586/libnspr4-static-devel-1.5.0.10-1.1.C30mdk.i586.rpm cf17ffa7ff1734b850c7f7a5b7f780ee corporate/3.0/i586/libnss3-1.5.0.10-1.1.C30mdk.i586.rpm 82e74bce4abb564958d0225bc94687d6 corporate/3.0/i586/libnss3-devel-1.5.0.10-1.1.C30mdk.i586.rpm 5af5da7a1f51c609568f03b2026c0687 corporate/3.0/i586/mozilla-firefox-1.5.0.10-1.1.C30mdk.i586.rpm df2d940bf4af073e1dc983c1143a8079 corporate/3.0/i586/mozilla-firefox-devel-1.5.0.10-1.1.C30mdk.i586.rpm efd17411a1dc5bed3d7e79f0a28b4073 corporate/3.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64: be6fa4a501b973f9016716ae6ffb1b25 corporate/3.0/x86_64/lib64nspr4-1.5.0.10-1.1.C30mdk.x86_64.rpm a06bb78d6531ffac3e750236a0cb13de corporate/3.0/x86_64/lib64nspr4-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm 2f2dd393236be80e8f8ca226145115e7 corporate/3.0/x86_64/lib64nspr4-static-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm 3a42bca7fd7ab26e65bf0a4ca7485db1 corporate/3.0/x86_64/lib64nss3-1.5.0.10-1.1.C30mdk.x86_64.rpm 68cef069c9e2d4f1336c58e8e5f126ca corporate/3.0/x86_64/lib64nss3-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm 0bd6c6adc8fd1be8d3b02fb5505c9330 corporate/3.0/x86_64/mozilla-firefox-1.5.0.10-1.1.C30mdk.x86_64.rpm 27262a966199c19006327fa21dab1f69 corporate/3.0/x86_64/mozilla-firefox-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm efd17411a1dc5bed3d7e79f0a28b4073 corporate/3.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.C30mdk.src.rpm
Corporate 4.0: 0f782ea68bc9177e333dd77c26eeec7f corporate/4.0/i586/libnspr4-1.5.0.10-1.1.20060mlcs4.i586.rpm 408511a886dd0619f4ae9a1d93137eeb corporate/4.0/i586/libnspr4-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm 6b3ad9cf7c2f4b7a008c6fd9c584289b corporate/4.0/i586/libnspr4-static-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm 31927dd82ca439052fe166e6b2864e07 corporate/4.0/i586/libnss3-1.5.0.10-1.1.20060mlcs4.i586.rpm 021eef345d030d8112f227b0b2c3a0f6 corporate/4.0/i586/libnss3-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm 2485f65a1860840e7abe7cd5a447c538 corporate/4.0/i586/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.i586.rpm ef609ec54c3e70b47067668f68c74e65 corporate/4.0/i586/mozilla-firefox-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm 64e5ea6cd7dc856aa4f7eda630e40d14 corporate/4.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: fab1a497ea9801a29637f049e520422b corporate/4.0/x86_64/lib64nspr4-1.5.0.10-1.1.20060mlcs4.x86_64.rpm 647d403327794eb30e81e6b91b407dd1 corporate/4.0/x86_64/lib64nspr4-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm 247c6c555fe4917bbdf3ae884ac309ba corporate/4.0/x86_64/lib64nspr4-static-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm 710e426e4200912e2b4718d1c0613c58 corporate/4.0/x86_64/lib64nss3-1.5.0.10-1.1.20060mlcs4.x86_64.rpm 2efe3ddeb772f3d706f429bccd34675c corporate/4.0/x86_64/lib64nss3-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm 13e414365c4f1d3768a375cf29a40aa4 corporate/4.0/x86_64/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.x86_64.rpm 261d63f5547804f20ee022290429c866 corporate/4.0/x86_64/mozilla-firefox-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm 64e5ea6cd7dc856aa4f7eda630e40d14 corporate/4.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFF6H18mqjQ0CJFipgRAna2AJ9Qa8Vf923jNIzai9QzQOOS4NRETgCgyICD +eNPSjeb5EQGZ6E5dYWPNSM= =AgMP -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200611-0368",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "navigator",
"scope": "eq",
"trust": 1.6,
"vendor": "netscape",
"version": "8.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "1.5.0.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "1.5.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "1.5.0.7"
},
{
"model": "firefox",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"model": "firefox",
"scope": "lte",
"trust": 0.8,
"vendor": "mozilla",
"version": "1.5.0.9"
},
{
"model": "firefox",
"scope": "lte",
"trust": 0.8,
"vendor": "mozilla",
"version": "2.0.0.1"
},
{
"model": "seamonkey",
"scope": "lte",
"trust": 0.8,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "turbolinux",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10_f"
},
{
"model": "turbolinux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "turbolinux multimedia",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"model": "turbolinux personal",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64)"
},
{
"model": "home",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"model": "netscape",
"scope": "eq",
"trust": 0.8,
"vendor": "netscape",
"version": "8.1.2 ( other may also be affected. )"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "rhel optional productivity applications",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.9"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0x86"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.1x86"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.8"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "personal",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "unitedlinux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.6"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.52"
},
{
"model": "seamonkey",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "home",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8"
},
{
"model": "suse linux retail solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.01"
},
{
"model": "advanced workstation for the itanium processor ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.0x86"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.10"
},
{
"model": "fedora core5",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8.4"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.2"
},
{
"model": "firefox rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.51"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "firefox rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "f...",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10"
},
{
"model": "enterprise linux as ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9.3x86"
},
{
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8.3"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "fedora core6",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.4"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "propack sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "suse linux school server for i386",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "seamonkey dev",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.12"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "camino",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "suse linux openexchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "browser",
"scope": "eq",
"trust": 0.3,
"vendor": "netscape",
"version": "8.1.2"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "camino",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.1"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "multimedia",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "21240"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000790"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-402"
},
{
"db": "NVD",
"id": "CVE-2006-6077"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netscape:navigator:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6077"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Robert Chapin discovered this weakness.",
"sources": [
{
"db": "BID",
"id": "21240"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-402"
}
],
"trust": 0.9
},
"cve": "CVE-2006-6077",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-6077",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-22185",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-6077",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200611-402",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-22185",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22185"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000790"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-402"
},
{
"db": "NVD",
"id": "CVE-2006-6077"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password. Mozilla According to, there have been reports of phishing cases where this password manager issue was exploited. Mozilla Firefox is reportedly prone to an information-disclosure weakness because it fails to properly notify users of the automatic population of form fields in disparate URLs deriving from the same domain. \nExploiting this issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to access potentially sensitive information that would facilitate the success of phishing attacks. \nInitial reports and preliminary testing indicate that this issue affects only Firefox 2. \nUPDATE: Firefox 2.0.0.10 is still vulnerable to the issue. \nUPDATE (March 17, 2008): Unconfirmed reports indicate that this issue affects Firefox 2.0.0.12; we will update this BID as more information emerges. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200703-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: SeaMonkey: Multiple vulnerabilities\n Date: March 09, 2007\n Bugs: #165555\n ID: 200703-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been reported in SeaMonkey, some of which\nmay allow user-assisted arbitrary remote code execution. \n\nBackground\n==========\n\nThe SeaMonkey project is a community effort to deliver\nproduction-quality releases of code derived from the application\nformerly known as the \u0027Mozilla Application Suite\u0027. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/seamonkey \u003c 1.1.1 \u003e= 1.1.1\n 2 www-client/seamonkey-bin \u003c 1.1.1 \u003e= 1.1.1\n -------------------------------------------------------------------\n 2 affected packages on all of their supported architectures. \n -------------------------------------------------------------------\n\nDescription\n===========\n\nTom Ferris reported a heap-based buffer overflow involving wide SVG\nstroke widths that affects SeaMonkey. Various researchers reported some\nerrors in the JavaScript engine potentially leading to memory\ncorruption. SeaMonkey also contains minor vulnerabilities involving\ncache collision and unsafe pop-up restrictions, filtering or CSS\nrendering under certain conditions. All those vulnerabilities are the\nsame as in GLSA 200703-04 affecting Mozilla Firefox. \n\nImpact\n======\n\nAn attacker could entice a user to view a specially crafted web page or\nto read a specially crafted email that will trigger one of the\nvulnerabilities, possibly leading to the execution of arbitrary code. \nIt is also possible for an attacker to spoof the address bar, steal\ninformation through cache collision, bypass the local file protection\nmechanism with pop-ups, or perform cross-site scripting attacks,\nleading to the exposure of sensitive information, such as user\ncredentials. \n\nWorkaround\n==========\n\nThere is no known workaround at this time for all of these issues, but\nmost of them can be avoided by disabling JavaScript. Note that the\nexecution of JavaScript is disabled by default in the SeaMonkey email\nclient, and enabling it is strongly discouraged. \n\nResolution\n==========\n\nUsers upgrading to the following release of SeaMonkey should note that\nthe corresponding Mozilla Firefox upgrade has been found to lose the\nsaved passwords file in some cases. The saved passwords are encrypted\nand stored in the \u0027signons.txt\u0027 file of ~/.mozilla/ and we advise our\nusers to save that file before performing the upgrade. \n\nAll SeaMonkey users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-1.1.1\"\n\nAll SeaMonkey binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-bin-1.1.1\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-6077\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077\n [ 2 ] CVE-2007-0775\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775\n [ 3 ] CVE-2007-0776\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776\n [ 4 ] CVE-2007-0777\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777\n [ 5 ] CVE-2007-0778\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778\n [ 6 ] CVE-2007-0779\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779\n [ 7 ] CVE-2007-0780\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780\n [ 8 ] CVE-2007-0800\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800\n [ 9 ] CVE-2007-0801\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0801\n [ 10 ] CVE-2007-0981\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981\n [ 11 ] CVE-2007-0995\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995\n [ 12 ] Mozilla Password Loss Bug\n https://bugzilla.mozilla.org/show_bug.cgi?id=360493#c366\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200703-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nNetscape Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA24289\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24289/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting, Exposure of sensitive\ninformation, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNetscape 8.x\nhttp://secunia.com/product/5134/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Netscape, which can be\nexploited by malicious people to bypass certain security restrictions,\ngain knowledge of sensitive information, conduct cross-site scripting\nattacks, or potentially compromise a user\u0027s system. \n\nSee vulnerabilities #1, #2, #6, and #7 for more information:\nSA24205\n\nThe vulnerabilities have been reported in version 8.1.2. \n\nSOLUTION:\nDo not browse untrusted sites and disable Javascript. \n\nORIGINAL ADVISORY:\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-02.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-03.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-06.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-07.html\n\nOTHER REFERENCES:\nSA24175:\nhttp://secunia.com/advisories/24175/\n\nSA24205:\nhttp://secunia.com/advisories/24205/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1336-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 22nd, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : mozilla-firefox\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 CVE-2006-6077\n\nSeveral remote vulnerabilities have been discovered in Mozilla Firefox. \n\nThis will be the last security update of Mozilla-based products for\nthe oldstable (sarge) distribution of Debian. We recommend to upgrade\nto stable (etch) as soon as possible. \n\nThe Common Vulnerabilities and Exposures project identifies the following\nvulnerabilities:\n\nCVE-2007-1282\n\n It was discovered that an integer overflow in text/enhanced message\n parsing allows the execution of arbitrary code. \n\nCVE-2007-0994\n\n It was discovered that a regression in the Javascript engine allows\n the execution of Javascript with elevated privileges. \n\nCVE-2007-0995\n\n It was discovered that incorrect parsing of invalid HTML characters\n allows the bypass of content filters. \n\nCVE-2007-0996\n\n It was discovered that insecure child frame handling allows cross-site\n scripting. \n\nCVE-2007-0981\n\n It was discovered that Firefox handles URI withs a null byte in the\n hostname insecurely. \n\nCVE-2007-0008\n\n It was discovered that a buffer overflow in the NSS code allows the\n execution of arbitrary code. \n\nCVE-2007-0009\n\n It was discovered that a buffer overflow in the NSS code allows the\n execution of arbitrary code. \n\nCVE-2007-0775\n\n It was discovered that multiple programming errors in the layout engine\n allow the execution of arbitrary code. \n\nCVE-2007-0778\n\n It was discovered that the page cache calculates hashes in an insecure\n manner. \n\nCVE-2006-6077\n\n It was discovered that the password manager allows the disclosure of\n passwords. \n\nFor the oldstable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge17. You should upgrade to etch as soon as possible. \n\nThe stable distribution (etch) isn\u0027t affected. These vulnerabilities have\nbeen fixed prior to the release of Debian etch. \n\nThe unstable distribution (sid) no longer contains mozilla-firefox. Iceweasel\nis already fixed. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.dsc\n Size/MD5 checksum: 1641 36715bb647cb3b7cd117edee90a34bfd\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.diff.gz\n Size/MD5 checksum: 553311 4ba992e60e5c6b156054c5105b1134ae\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz\n Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_alpha.deb\n Size/MD5 checksum: 11221890 5d8d1de73d162edf8ddbaa40844bb454\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_alpha.deb\n Size/MD5 checksum: 172696 42d5c31ec7a2e3163846c347f04773df\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_alpha.deb\n Size/MD5 checksum: 63574 238529b9d4ae396dc01d786d4fb843b4\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_amd64.deb\n Size/MD5 checksum: 9429140 8394fcd85a7218db784160702efc5249\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_amd64.deb\n Size/MD5 checksum: 166496 795a8ec3e1aa1b0a718ad6f4439670ef\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_amd64.deb\n Size/MD5 checksum: 62022 ef315cc90c3780ff151cd2271e913859\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_arm.deb\n Size/MD5 checksum: 8244544 71eaf9cb5418a77410ff12c7f36eb32b\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_arm.deb\n Size/MD5 checksum: 157966 5e2e22d04a33ccbc0e6b19b4c4d43492\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_arm.deb\n Size/MD5 checksum: 57358 6f34a7a02114e48cadc6860b86f75130\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_hppa.deb\n Size/MD5 checksum: 10301620 3700a0b7dcb0ab061b3521e2a3f232f9\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_hppa.deb\n Size/MD5 checksum: 169432 387b8fa52d406dfdd26c3adc3ccac615\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_hppa.deb\n Size/MD5 checksum: 62500 80addaf2d87b6952fdc9104c5fc9dfde\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_i386.deb\n Size/MD5 checksum: 8919924 8fc67257357687c8611b3e4e5389aee4\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_i386.deb\n Size/MD5 checksum: 161684 6c989c4276e34c6031b6185418a8ddb1\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_i386.deb\n Size/MD5 checksum: 58896 7e48aa697c8c17f7d22de860a17e7dfd\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_ia64.deb\n Size/MD5 checksum: 11664142 aa008699700ba3c8b45d3a8961e99192\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_ia64.deb\n Size/MD5 checksum: 172030 e79af50f04490de310cda7f6ce652d44\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_ia64.deb\n Size/MD5 checksum: 66718 8cabdbf0919ac447c5d492ef6227d9af\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_m68k.deb\n Size/MD5 checksum: 8196148 e3544446b371fd7ed4b79e53f69b556a\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_m68k.deb\n Size/MD5 checksum: 160556 0164d4c0f675a020643ccedf94a55eb8\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_m68k.deb\n Size/MD5 checksum: 58168 b429907e69e8daa7d51e45552659da27\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mips.deb\n Size/MD5 checksum: 9954006 0eb0513fc950e7cd8abcae9666b24a7b\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mips.deb\n Size/MD5 checksum: 159496 ca0585a663a5470d3a62ae0786864beb\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mips.deb\n Size/MD5 checksum: 59170 22ea96156de56d046a7afd73d4857419\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mipsel.deb\n Size/MD5 checksum: 9831728 dda6865c7290fce658847f0909617c73\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mipsel.deb\n Size/MD5 checksum: 159060 e7a7c4db0f5df82f84ceef6827df2bea\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mipsel.deb\n Size/MD5 checksum: 58984 b0b02ac1c62041db8d377a7ff40c013c\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_powerpc.deb\n Size/MD5 checksum: 8587718 8d219ce9e684b86babfe31db9d7d9658\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_powerpc.deb\n Size/MD5 checksum: 159762 41f3707945d5edae6ee1ac90bdef5cab\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_powerpc.deb\n Size/MD5 checksum: 60936 1a79408acd12828a3710393e05d99914\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_s390.deb\n Size/MD5 checksum: 9667078 5838d957637b4d4c2c19afea0dd68db5\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_s390.deb\n Size/MD5 checksum: 167092 4dd6de7299014d5e0c13da8e480a7f3c\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_s390.deb\n Size/MD5 checksum: 61472 64d10c667ed4c6c12947c49f5cca8ff6\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_sparc.deb\n Size/MD5 checksum: 8680322 241cddabdf91eb14b0a6529ffc84a51d\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_sparc.deb\n Size/MD5 checksum: 160304 7887081b85d3ead3994a997608bbe22a\n http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_sparc.deb\n Size/MD5 checksum: 57718 4a4eeeb0815cb03d51f74965403911ad\n\n These files will probably be moved into the oldstable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFGo5b7Xm3vHE4uyloRAsdgAKDTo6NxeylHh30syJpFeyF5/Yr/XwCdH188\nNdI5zd36oN5mVqIDUsqYC3o=\n=/qY/\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. =========================================================== \nUbuntu Security Notice USN-428-1 February 26, 2007\nfirefox vulnerabilities\nCVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775,\nCVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779,\nCVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995,\nCVE-2007-0996, CVE-2007-1092\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 5.10\nUbuntu 6.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 5.10:\n firefox 1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1\n\nUbuntu 6.06 LTS:\n firefox 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1\n libnspr4 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1\n libnss3 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1\n\nUbuntu 6.10:\n firefox 2.0.0.2+0dfsg-0ubuntu0.6.10\n libnspr4 2.0.0.2+0dfsg-0ubuntu0.6.10\n libnss3 2.0.0.2+0dfsg-0ubuntu0.6.10\n\nAfter a standard system upgrade you need to restart Firefox to effect\nthe necessary changes. \n\nDetails follow:\n\nSeveral flaws have been found that could be used to perform Cross-site\nscripting attacks. A malicious web site could exploit these to modify\nthe contents or steal confidential data (such as passwords) from other\nopened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,\nCVE-2007-0981, CVE-2007-0995, CVE-2007-0996)\n\nThe SSLv2 protocol support in the NSS library did not sufficiently\ncheck the validity of public keys presented with a SSL certificate. A\nmalicious SSL web site using SSLv2 could potentially exploit this to\nexecute arbitrary code with the user\u0027s privileges. (CVE-2007-0008)\n\nThe SSLv2 protocol support in the NSS library did not sufficiently\nverify the validity of client master keys presented in an SSL client\ncertificate. (CVE-2007-0775, CVE-2007-0776,\nCVE-2007-0777, CVE-2007-1092)\n\nTwo web pages could collide in the disk cache with the result that\ndepending on order loaded the end of the longer document could be\nappended to the shorter when the shorter one was reloaded from the\ncache. It is possible a determined hacker could construct a targeted\nattack to steal some sensitive data from a particular web page. The\npotential victim would have to be already logged into the targeted\nservice (or be fooled into doing so) and then visit the malicious\nsite. (CVE-2007-0778)\n\nDavid Eckel reported that browser UI elements--such as the host name\nand security indicators--could be spoofed by using custom cursor\nimages and a specially crafted style sheet. (CVE-2007-0779)\n\n\nUpdated packages for Ubuntu 5.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.diff.gz\n Size/MD5: 176831 76744cf2123e13143408e37deb2311c0\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.dsc\n Size/MD5: 1063 eac4c86acb16ad4cf85604e5cc9f441c\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10.orig.tar.gz\n Size/MD5: 44679183 d55d439c238064ddcedb8fabb6089ff2\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_all.deb\n Size/MD5: 50314 d17e00b536378e1710c918f2b834e513\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_all.deb\n Size/MD5: 51208 abdc905b5e3c31c05a427defdc9035bc\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb\n Size/MD5: 3167242 01f67e394a7b569df52fd02513712811\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb\n Size/MD5: 217230 bc5d29d293abc4665c052c0fc76aef79\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb\n Size/MD5: 83544 d7978eba50c0e82d4e3606240e38e3fa\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb\n Size/MD5: 10311286 4ea4f615c24ecceae90e7b432ddb5e4a\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb\n Size/MD5: 3167298 571b158ab384827e881ab52d05c7afcb\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb\n Size/MD5: 210744 0092218d208b41e1a72b1303a77b3238\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb\n Size/MD5: 75946 21eda2226572b3c3143f8e4ab8145ba6\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb\n Size/MD5: 8712048 66138335623748c529c3050084ceadaa\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb\n Size/MD5: 3167330 7cdba77a564720cf82ea475eace3aef5\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb\n Size/MD5: 214166 630d44a2240aa9d8790de3db3e9b05ff\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb\n Size/MD5: 79138 f4b3d39d326f77acde26161d1d66c84b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb\n Size/MD5: 9899346 9066e6747aa0337985a1f29f4e64cffd\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb\n Size/MD5: 3167284 e6726b6ed59b5c083796ae93c6eedc64\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb\n Size/MD5: 211730 b1f127d2df48b09c7b404f09754c71be\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb\n Size/MD5: 77516 8b430af0eadfa18b180f2637fafa7a5e\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb\n Size/MD5: 9227232 727146f6c93a565f8aabda0a1bbfc80b\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1.diff.gz\n Size/MD5: 177547 396588ea856af87e8137682342648d1d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1.dsc\n Size/MD5: 1120 1625dcf8053738851d0a2978b6f0e315\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10.orig.tar.gz\n Size/MD5: 44679183 d55d439c238064ddcedb8fabb6089ff2\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_all.deb\n Size/MD5: 50410 66f8a212fb4dbf22b9c8abbb21650d2c\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_all.deb\n Size/MD5: 51296 8dc3631d49303156f74ba2e0ad72c744\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb\n Size/MD5: 47439362 0e8e0cc7f0385fc74a953610f7f41c11\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb\n Size/MD5: 2804532 a9c1cd1a790a715b6ad58785cb0eea01\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb\n Size/MD5: 217360 f217f66f7563f80f309e065a44a08cfb\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb\n Size/MD5: 83620 0b3738208c8069b8a5449a59ae604293\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb\n Size/MD5: 9553646 c66621583e808b88663b200ad3238f7a\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb\n Size/MD5: 220158 e4f1cc5b0c2edc41cf1e4c6aa3051a33\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb\n Size/MD5: 163484 e1c0ab1f05132b717751783ccc0c22c1\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb\n Size/MD5: 245468 10d43347432618aaa140c081c20ed10f\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb\n Size/MD5: 710556 53cb8cc7e3a7d346630184980df34ff5\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb\n Size/MD5: 44003676 a53682ff42f56d8dd494c96d2e3817d5\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb\n Size/MD5: 2804534 281bc91e92c6224df7c77b4ce2840e1b\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb\n Size/MD5: 210766 0d2d6ecfaa6ad0b629fc78159a8ba0f3\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb\n Size/MD5: 75992 fc370791f6533f01409d3b369505766a\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb\n Size/MD5: 8044874 cbda163790d814d785831358cb53cabc\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb\n Size/MD5: 220160 2067d9432ff164e7344bd8142bb026ff\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb\n Size/MD5: 148072 274cd0206aafa1a5ad02dbe279a37216\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb\n Size/MD5: 245474 ed709e80de120a795d79df237b6dd421\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb\n Size/MD5: 616162 766f3224ad0924ae1d47c6970a2bfd16\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb\n Size/MD5: 48831230 a594a826614ab062cb8e12a5e67a7115\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb\n Size/MD5: 2804524 01b3f645267c4b3b166a6dcdebe099cf\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb\n Size/MD5: 214208 d5563084e7a175423a1a27d98270c5a7\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb\n Size/MD5: 79110 fa20295177cf290ee980127c3ed1ff33\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb\n Size/MD5: 9215262 f641d7657a284bd049c75d5119512013\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb\n Size/MD5: 220160 b684d9f82943b8698b9f369737cd318a\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb\n Size/MD5: 160684 0919604b7e446d0a7923968ee1d0357b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb\n Size/MD5: 245472 d9e5620a0672e46e89a90123430e78ae\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb\n Size/MD5: 655490 5c4225025b12a75900899859c6b616d1\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb\n Size/MD5: 45406824 2ade39640c714000138eec2c5b8691f9\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb\n Size/MD5: 2804570 0f0d35704d9f00e41c3ccce5535cb9ce\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb\n Size/MD5: 211712 f88704bb8c6671debcfae882f408c607\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb\n Size/MD5: 77564 d5b89bc054fb2c6cf0089b04c727d0a7\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb\n Size/MD5: 8571602 6eb03eae7ffb19c3afc766a016d2e723\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb\n Size/MD5: 220156 a92bbd2e0e9a936355abeaae9376264c\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb\n Size/MD5: 150554 85be23282c348b3de7bf3786aa56a5a6\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb\n Size/MD5: 245474 dd03340bae55531e40a887ad5204c774\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb\n Size/MD5: 599816 04b5ea1db1aa17f292481d913eddecb5\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10.diff.gz\n Size/MD5: 322293 4d8894d022833e46c25d5e6ce269ee5b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10.dsc\n Size/MD5: 1218 c6708c7c771a995e0ec709cc022ce61a\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg.orig.tar.gz\n Size/MD5: 46466665 f6dad051f9995ebba310e8cd6497ae9f\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb\n Size/MD5: 236878 52d4d42a0881949da47a5f7946d2edec\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb\n Size/MD5: 55668 a379aaf8d4f67465c0e71aaa852a3b8a\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dom-inspector_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb\n Size/MD5: 55762 aea5774743b8e3bc90c8349099e9c423\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb\n Size/MD5: 55776 85b1c150c432f3fc2038a5ff3a5804ed\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb\n Size/MD5: 56574 91e46691914551281676003e3b6589bb\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb\n Size/MD5: 50341952 381fc5626f047660d2bdd680824db54d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb\n Size/MD5: 3120906 263ed42e4bdbcc4ba3010744cb900160\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb\n Size/MD5: 90062 198b64dcde3d7e1eb9bed2aeb32ce808\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb\n Size/MD5: 10399974 e3adef875d5fefa75c56fdf614183bdc\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb\n Size/MD5: 225444 9a1465fcc7386edba0fb81d00079066e\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb\n Size/MD5: 168168 1ccb3b97ed970c07bbdf6fb769f2e4b5\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb\n Size/MD5: 250820 df7c647e48cb8941a0421d5f1a5c4661\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb\n Size/MD5: 862110 87c01e4266d1c06d1097e5f8a58806d2\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb\n Size/MD5: 49498816 4c61ffe25628585a91e1d90180997343\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb\n Size/MD5: 3111488 1ec3b0bbe8564828421f381ed8b0d5fb\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb\n Size/MD5: 83792 91c2b8d2410921fd6e19c742e9552550\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb\n Size/MD5: 9225462 4c0d2cb608ee830bdc38b7f8d89f9a33\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb\n Size/MD5: 225434 5293ae8d41c018d4a956555c189fd7f6\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb\n Size/MD5: 157774 cc2c474e306b1d80db79cdba936c2ee6\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb\n Size/MD5: 250794 42e6e643fb73ae668e569ec3d5052ea9\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb\n Size/MD5: 785948 fefc874278ea69ba2a8b518d6826e158\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb\n Size/MD5: 52033226 d7ddf5236086638446d6ea4775c833ee\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb\n Size/MD5: 3117424 0a5038c00b1997b6c7b72f16e1ca85e7\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb\n Size/MD5: 85668 25e4f56d5311cc9e3a0ecaf28d6189ff\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb\n Size/MD5: 10067834 1758c9d69c571c0d7bf9ec20b74e2a33\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb\n Size/MD5: 225432 241089d26f31cb5e0816debe7b09a55d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb\n Size/MD5: 166830 dd932812a920701677df9b3bf9970023\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb\n Size/MD5: 250798 65cddc61ad6f809004d342dcdf07c2cc\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb\n Size/MD5: 860802 217ffcce7a3a99cabd9b4cff500281a8\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb\n Size/MD5: 49550142 e432529be2a2c6b7b327ede81d2cc1c3\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb\n Size/MD5: 3108058 4a2bc97252c385fe323b56b7fb03c64f\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb\n Size/MD5: 83484 8d24e2420d7d2188a620674aa566956d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb\n Size/MD5: 9493984 e311cd75fa46ed1a47958f6883ea65aa\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb\n Size/MD5: 225444 fdcd4bf5450574bcbe7d3aca89dbc403\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb\n Size/MD5: 155678 a99e5fc7bef8c29e0e89c48288144fc6\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb\n Size/MD5: 250800 dd3473d37b593e55c82f5dce245bebe0\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb\n Size/MD5: 766616 ba23d67757ddc39888e92f6af56ec67d\n. \n\n Update:\n\n A regression was found in the latest Firefox packages provided where\n changes to library paths caused applications that depended on the NSS\n libraries (such as Thunderbird and Evolution) to fail to start or fail\n to load certain SSL-related security components. These new packages\n correct that problem and we apologize for any inconvenience the\n previous update may have caused. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1092\n http://www.mozilla.org/security/announce/2007/mfsa2007-01.html\n http://www.mozilla.org/security/announce/2007/mfsa2007-02.html\n http://www.mozilla.org/security/announce/2007/mfsa2007-03.html\n http://www.mozilla.org/security/announce/2007/mfsa2007-04.html\n http://www.mozilla.org/security/announce/2007/mfsa2007-05.html\n http://www.mozilla.org/security/announce/2007/mfsa2007-06.html\n http://www.mozilla.org/security/announce/2007/mfsa2007-07.html\n http://www.mozilla.org/security/announce/2007/mfsa2007-08.html\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 411bc0bdd8dc32950a84c77ed3319508 2007.0/i586/libmozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.i586.rpm\n 9ceb031931003fb861882f4455c6648b 2007.0/i586/libmozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.i586.rpm\n db615eadf763927182c8657d11b1ae54 2007.0/i586/libnspr4-1.5.0.10-2mdv2007.0.i586.rpm\n bd7dca3e972f552b5dd347822e17f1e1 2007.0/i586/libnspr4-devel-1.5.0.10-2mdv2007.0.i586.rpm\n bb4709aa4bf277e32c25e07d93641802 2007.0/i586/libnspr4-static-devel-1.5.0.10-2mdv2007.0.i586.rpm\n babf7d44d0340cd51f45249d3002180e 2007.0/i586/libnss3-1.5.0.10-2mdv2007.0.i586.rpm\n 19a967982b748b879b1904d5bcea174d 2007.0/i586/libnss3-devel-1.5.0.10-2mdv2007.0.i586.rpm\n 6333bab7a5d530836fa5a64383bcdd30 2007.0/i586/mozilla-firefox-1.5.0.10-2mdv2007.0.i586.rpm \n 72672b4bbfcc4f13d5820a4c11bca547 2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 9fe9779d9d02f0aa73d28096cc237d00 2007.0/x86_64/lib64mozilla-firefox1.5.0.10-1.5.0.10-2mdv2007.0.x86_64.rpm\n 3c0a879b450f5c2569eb81d397a82906 2007.0/x86_64/lib64mozilla-firefox1.5.0.10-devel-1.5.0.10-2mdv2007.0.x86_64.rpm\n 338d81330e754d5ffd22dea67c2fbfd2 2007.0/x86_64/lib64nspr4-1.5.0.10-2mdv2007.0.x86_64.rpm\n 0c840ec9a78c48d975db6bca80e53caa 2007.0/x86_64/lib64nspr4-devel-1.5.0.10-2mdv2007.0.x86_64.rpm\n 3f1ba2da63bf990b3958f184bdf4d96f 2007.0/x86_64/lib64nspr4-static-devel-1.5.0.10-2mdv2007.0.x86_64.rpm\n cd9ef9efe9f859467a07bfc20899156d 2007.0/x86_64/lib64nss3-1.5.0.10-2mdv2007.0.x86_64.rpm\n d6243e7d7c76a5ff5a418f7304cdcff2 2007.0/x86_64/lib64nss3-devel-1.5.0.10-2mdv2007.0.x86_64.rpm\n 0fec2d70c6a797521304598b802d03b1 2007.0/x86_64/mozilla-firefox-1.5.0.10-2mdv2007.0.x86_64.rpm \n 72672b4bbfcc4f13d5820a4c11bca547 2007.0/SRPMS/mozilla-firefox-1.5.0.10-2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 24fbf58752279b3a5ec8d186d7c6142b corporate/3.0/i586/libnspr4-1.5.0.10-1.1.C30mdk.i586.rpm\n cc59dd85bcdc065ed4ee7f3d299e971a corporate/3.0/i586/libnspr4-devel-1.5.0.10-1.1.C30mdk.i586.rpm\n 284b6bf1210fb854361a9af3062528e1 corporate/3.0/i586/libnspr4-static-devel-1.5.0.10-1.1.C30mdk.i586.rpm\n cf17ffa7ff1734b850c7f7a5b7f780ee corporate/3.0/i586/libnss3-1.5.0.10-1.1.C30mdk.i586.rpm\n 82e74bce4abb564958d0225bc94687d6 corporate/3.0/i586/libnss3-devel-1.5.0.10-1.1.C30mdk.i586.rpm\n 5af5da7a1f51c609568f03b2026c0687 corporate/3.0/i586/mozilla-firefox-1.5.0.10-1.1.C30mdk.i586.rpm\n df2d940bf4af073e1dc983c1143a8079 corporate/3.0/i586/mozilla-firefox-devel-1.5.0.10-1.1.C30mdk.i586.rpm \n efd17411a1dc5bed3d7e79f0a28b4073 corporate/3.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n be6fa4a501b973f9016716ae6ffb1b25 corporate/3.0/x86_64/lib64nspr4-1.5.0.10-1.1.C30mdk.x86_64.rpm\n a06bb78d6531ffac3e750236a0cb13de corporate/3.0/x86_64/lib64nspr4-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm\n 2f2dd393236be80e8f8ca226145115e7 corporate/3.0/x86_64/lib64nspr4-static-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm\n 3a42bca7fd7ab26e65bf0a4ca7485db1 corporate/3.0/x86_64/lib64nss3-1.5.0.10-1.1.C30mdk.x86_64.rpm\n 68cef069c9e2d4f1336c58e8e5f126ca corporate/3.0/x86_64/lib64nss3-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm\n 0bd6c6adc8fd1be8d3b02fb5505c9330 corporate/3.0/x86_64/mozilla-firefox-1.5.0.10-1.1.C30mdk.x86_64.rpm\n 27262a966199c19006327fa21dab1f69 corporate/3.0/x86_64/mozilla-firefox-devel-1.5.0.10-1.1.C30mdk.x86_64.rpm \n efd17411a1dc5bed3d7e79f0a28b4073 corporate/3.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.C30mdk.src.rpm\n\n Corporate 4.0:\n 0f782ea68bc9177e333dd77c26eeec7f corporate/4.0/i586/libnspr4-1.5.0.10-1.1.20060mlcs4.i586.rpm\n 408511a886dd0619f4ae9a1d93137eeb corporate/4.0/i586/libnspr4-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm\n 6b3ad9cf7c2f4b7a008c6fd9c584289b corporate/4.0/i586/libnspr4-static-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm\n 31927dd82ca439052fe166e6b2864e07 corporate/4.0/i586/libnss3-1.5.0.10-1.1.20060mlcs4.i586.rpm\n 021eef345d030d8112f227b0b2c3a0f6 corporate/4.0/i586/libnss3-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm\n 2485f65a1860840e7abe7cd5a447c538 corporate/4.0/i586/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.i586.rpm\n ef609ec54c3e70b47067668f68c74e65 corporate/4.0/i586/mozilla-firefox-devel-1.5.0.10-1.1.20060mlcs4.i586.rpm \n 64e5ea6cd7dc856aa4f7eda630e40d14 corporate/4.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n fab1a497ea9801a29637f049e520422b corporate/4.0/x86_64/lib64nspr4-1.5.0.10-1.1.20060mlcs4.x86_64.rpm\n 647d403327794eb30e81e6b91b407dd1 corporate/4.0/x86_64/lib64nspr4-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm\n 247c6c555fe4917bbdf3ae884ac309ba corporate/4.0/x86_64/lib64nspr4-static-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm\n 710e426e4200912e2b4718d1c0613c58 corporate/4.0/x86_64/lib64nss3-1.5.0.10-1.1.20060mlcs4.x86_64.rpm\n 2efe3ddeb772f3d706f429bccd34675c corporate/4.0/x86_64/lib64nss3-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm\n 13e414365c4f1d3768a375cf29a40aa4 corporate/4.0/x86_64/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.x86_64.rpm\n 261d63f5547804f20ee022290429c866 corporate/4.0/x86_64/mozilla-firefox-devel-1.5.0.10-1.1.20060mlcs4.x86_64.rpm \n 64e5ea6cd7dc856aa4f7eda630e40d14 corporate/4.0/SRPMS/mozilla-firefox-1.5.0.10-1.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFF6H18mqjQ0CJFipgRAna2AJ9Qa8Vf923jNIzai9QzQOOS4NRETgCgyICD\n+eNPSjeb5EQGZ6E5dYWPNSM=\n=AgMP\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6077"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000790"
},
{
"db": "BID",
"id": "21240"
},
{
"db": "VULHUB",
"id": "VHN-22185"
},
{
"db": "PACKETSTORM",
"id": "55035"
},
{
"db": "PACKETSTORM",
"id": "54701"
},
{
"db": "PACKETSTORM",
"id": "54814"
},
{
"db": "PACKETSTORM",
"id": "57941"
},
{
"db": "PACKETSTORM",
"id": "54812"
},
{
"db": "PACKETSTORM",
"id": "54914"
},
{
"db": "PACKETSTORM",
"id": "54837"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-22185",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22185"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-6077",
"trust": 3.4
},
{
"db": "BID",
"id": "21240",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "23046",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1017271",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "23108",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "24238",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "24205",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "24395",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "24437",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "24457",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "24650",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25588",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "24393",
"trust": 1.7
},
{
"db": "BID",
"id": "22694",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-4662",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-0718",
"trust": 1.7
},
{
"db": "XF",
"id": "30470",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "24328",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "24320",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "24342",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "24293",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "24290",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "24343",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "24384",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "24333",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "24287",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000790",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200611-402",
"trust": 0.7
},
{
"db": "UBUNTU",
"id": "USN-428-1",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2007:0078",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2007:0079",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2007:0097",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2007:0108",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDKSA-2007:050",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061123 PASSWORD FLAW ALSO IN FIREFOX 1.5.08. WAS: BIG FLAW IN FIREFOX 2: PASSWORD MANAGER BUG EXPOSES PASSWORDS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061221 RE: CRITICAL FLAW IN FIREFOX 2.0.0.1 ALLOWS TO STEAL THE USER PASSWORDS WITH A VIDEOCLIP",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061220 CRITICAL FLAW IN FIREFOX 2.0.0.1 ALLOWS TO STEAL THE USER PASSWORDS WITH A VIDEOCLIP",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061222 RE[2]: CRITICAL FLAW IN FIREFOX 2.0.0.1 ALLOWS TO STEAL THE USER PASSWORDS WITH A VIDEOCLIP",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061122 BIG FLAW IN FIREFOX 2: PASSWORD MANAGER BUG EXPOSES PASSWORDS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070303 RPSA-2007-0040-3 FIREFOX THUNDERBIRD",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070226 RPSA-2007-0040-1 FIREFOX",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061123 RE: PASSWORD FLAW ALSO IN FIREFOX 1.5.08. WAS: BIG FLAW IN FIREFOX 2: PASSWORD MANAGER BUG EXPOSES PASSWORDS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20061123 RE: BIG FLAW IN FIREFOX 2: PASSWORD MANAGER BUG EXPOSES PASSWORDS",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SA:2007:022",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200703-04",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200703-08",
"trust": 0.6
},
{
"db": "SLACKWARE",
"id": "SSA:2007-066-05",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1336",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "55035",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "54914",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "54812",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "54814",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "54837",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-22185",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "24289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54701",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57941",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22185"
},
{
"db": "BID",
"id": "21240"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000790"
},
{
"db": "PACKETSTORM",
"id": "55035"
},
{
"db": "PACKETSTORM",
"id": "54701"
},
{
"db": "PACKETSTORM",
"id": "54814"
},
{
"db": "PACKETSTORM",
"id": "57941"
},
{
"db": "PACKETSTORM",
"id": "54812"
},
{
"db": "PACKETSTORM",
"id": "54914"
},
{
"db": "PACKETSTORM",
"id": "54837"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-402"
},
{
"db": "NVD",
"id": "CVE-2006-6077"
}
]
},
"id": "VAR-200611-0368",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-22185"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T22:11:59.300000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX02153",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00771742"
},
{
"title": "HPSBUX02153",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02153.html"
},
{
"title": "seamonkey (V2.x)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=984"
},
{
"title": "firefox (V4.0)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=946"
},
{
"title": "mfsa2007-02",
"trust": 0.8,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
},
{
"title": "mfsa2007-02",
"trust": 0.8,
"url": "http://www.mozilla-japan.org/security/announce/2007/mfsa2007-02.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://browser.netscape.com/"
},
{
"title": "RHSA-2007:0077",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0077.html"
},
{
"title": "RHSA-2007:0078",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0078.html"
},
{
"title": "RHSA-2007:0079",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0079.html"
},
{
"title": "RHSA-2007:0097",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0097.html"
},
{
"title": "RHSA-2007:0108 ",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0108.html"
},
{
"title": "TLSA-2007-13",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2007/tlsa-2007-13.txt"
},
{
"title": "RHSA-2007:0079",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2007-0079j.html"
},
{
"title": "RHSA-2007:0097",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2007-0097j.html"
},
{
"title": "RHSA-2007:0108 ",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2007-0108j.html"
},
{
"title": "RHSA-2007:0077",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2007-0077j.html"
},
{
"title": "RHSA-2007:0078",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2007-0078j.html"
},
{
"title": "TLSA-2007-13",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2007/tlsa-2007-13j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000790"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-6077"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/21240"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1017271"
},
{
"trust": 2.3,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
},
{
"trust": 2.0,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"
},
{
"trust": 2.0,
"url": "http://www.info-svc.com/news/11-21-2006/"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/22694"
},
{
"trust": 1.7,
"url": "https://issues.rpath.com/browse/rpl-1081"
},
{
"trust": 1.7,
"url": "https://issues.rpath.com/browse/rpl-1103"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2007/dsa-1336"
},
{
"trust": 1.7,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:050"
},
{
"trust": 1.7,
"url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0077.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0078.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0079.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0097.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0108.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/23046"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24395"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24437"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24457"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24650"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25588"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-428-1"
},
{
"trust": 1.6,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2006/4662"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/30470"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6077"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://fedoranews.org/cms/node/2713"
},
{
"trust": 1.1,
"url": "http://fedoranews.org/cms/node/2728"
},
{
"trust": 1.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c00771742"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10031"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/23108"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24205"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24238"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24287"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24290"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24293"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24320"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24328"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24333"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24342"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24343"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24384"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/24393"
},
{
"trust": 1.1,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-p.asc"
},
{
"trust": 1.1,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-p.asc"
},
{
"trust": 1.1,
"url": "http://lists.suse.com/archive/suse-security-announce/2007-mar/0001.html"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/4662"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0718"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/24205/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-6077"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/24238/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/23046/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/23108/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0775"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0981"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0778"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-6077"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0995"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/452463/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/452440/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/452431/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/452382/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/455148/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/455073/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/454982/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0718"
},
{
"trust": 0.6,
"url": "http://secunia.com"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0800"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0779"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0780"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0777"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0780"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0777"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0775"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0995"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0778"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0779"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0800"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0981"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0008"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0009"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0996"
},
{
"trust": 0.3,
"url": "http://www.caminobrowser.org/releases/1.5.1/"
},
{
"trust": 0.3,
"url": "http://www.securitypronews.com/news/securitynews/spn-45-20061121firefoxopentonewxssflaw.html"
},
{
"trust": 0.3,
"url": "http://news.netcraft.com/archives/2006/10/27/myspace_accounts_compromised_by_phishers.html"
},
{
"trust": 0.3,
"url": "/archive/1/452382"
},
{
"trust": 0.3,
"url": "/archive/1/454982"
},
{
"trust": 0.3,
"url": "/archive/1/452463"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-114.htm"
},
{
"trust": 0.3,
"url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1188588104897+28353475\u0026docid=c00771742"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0078.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0079.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0097.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0108.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0776"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-03.html"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-07.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1092"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0776"
},
{
"trust": 0.2,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493#c366"
},
{
"trust": 0.2,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0801"
},
{
"trust": 0.2,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0801"
},
{
"trust": 0.2,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-01.html"
},
{
"trust": 0.2,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-04.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1092"
},
{
"trust": 0.2,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-05.html"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0009"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-08.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0008"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0996"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2007\u0026amp;m=slackware-security.338131"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-200703-08.xml"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24289/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24175/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5134/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_arm.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1282"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_m68k.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0994"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mips.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0045"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_s390.deb"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_m68k.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_i386.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_s390.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dom-inspector_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-gnome-support_2.0.0.2+0dfsg-0ubuntu0.6.10_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_2.0.0.2+0dfsg-0ubuntu0.6.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox2.0.0.2+0dfsg-0ubuntu0.6.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1_i386.deb"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-22185"
},
{
"db": "BID",
"id": "21240"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000790"
},
{
"db": "PACKETSTORM",
"id": "55035"
},
{
"db": "PACKETSTORM",
"id": "54701"
},
{
"db": "PACKETSTORM",
"id": "54814"
},
{
"db": "PACKETSTORM",
"id": "57941"
},
{
"db": "PACKETSTORM",
"id": "54812"
},
{
"db": "PACKETSTORM",
"id": "54914"
},
{
"db": "PACKETSTORM",
"id": "54837"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-402"
},
{
"db": "NVD",
"id": "CVE-2006-6077"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-22185"
},
{
"db": "BID",
"id": "21240"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000790"
},
{
"db": "PACKETSTORM",
"id": "55035"
},
{
"db": "PACKETSTORM",
"id": "54701"
},
{
"db": "PACKETSTORM",
"id": "54814"
},
{
"db": "PACKETSTORM",
"id": "57941"
},
{
"db": "PACKETSTORM",
"id": "54812"
},
{
"db": "PACKETSTORM",
"id": "54914"
},
{
"db": "PACKETSTORM",
"id": "54837"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-402"
},
{
"db": "NVD",
"id": "CVE-2006-6077"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-24T00:00:00",
"db": "VULHUB",
"id": "VHN-22185"
},
{
"date": "2006-11-21T00:00:00",
"db": "BID",
"id": "21240"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000790"
},
{
"date": "2007-03-14T00:19:53",
"db": "PACKETSTORM",
"id": "55035"
},
{
"date": "2007-02-27T16:54:22",
"db": "PACKETSTORM",
"id": "54701"
},
{
"date": "2007-03-06T04:36:13",
"db": "PACKETSTORM",
"id": "54814"
},
{
"date": "2007-07-23T04:37:49",
"db": "PACKETSTORM",
"id": "57941"
},
{
"date": "2007-03-06T04:30:15",
"db": "PACKETSTORM",
"id": "54812"
},
{
"date": "2007-03-08T22:28:15",
"db": "PACKETSTORM",
"id": "54914"
},
{
"date": "2007-03-06T06:26:26",
"db": "PACKETSTORM",
"id": "54837"
},
{
"date": "2006-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-402"
},
{
"date": "2006-11-24T17:07:00",
"db": "NVD",
"id": "CVE-2006-6077"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-22185"
},
{
"date": "2008-03-17T18:00:00",
"db": "BID",
"id": "21240"
},
{
"date": "2007-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000790"
},
{
"date": "2006-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-402"
},
{
"date": "2018-10-17T21:46:26.407000",
"db": "NVD",
"id": "CVE-2006-6077"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "57941"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-402"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Firefox Password manager vulnerable to password disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000790"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-402"
}
],
"trust": 0.6
}
}
var-200907-0748
Vulnerability from variot
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. plural Mozilla product for, X.509 certificate of Common Name (CN) within the domain name in the field. The product provides cross-platform support for SSL, S/MIME and other Internet security standards. There is a mismatch between the NSS library's handling of the domain name in the SSL certificate between the SSL client and the CA that issued the server certificate. If a malicious user requests a certificate from a hostname with an invalid null character, most CAs will issue a certificate as long as the requester has the domain specified after the null character, but most SSL clients (browsers) will ignore this part of the name, Using a null character before the portion of validation allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-2408
Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate (MFSA 2009-42).
CVE-2009-2404
Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names (MFSA 2009-43).
CVE-2009-2463
monarch2020 discovered an integer overflow n a base64 decoding function (MFSA 2010-07).
CVE-2009-3072
Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).
CVE-2009-3075
Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).
CVE-2010-0163
Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code (MFSA 2010-07).
For the stable distribution (lenny), these problems have been fixed in version 2.0.0.24-0lenny1.
Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available.
For the testing distribution squeeze and the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your icedove packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz Size/MD5 checksum: 35856543 3bf6e40cddf593ddc1a66b9e721f12b9 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc Size/MD5 checksum: 1668 111c1a93c1ce498715e231272123f841 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz Size/MD5 checksum: 103260 4661b0c8c170d58f844337699cb8ca1a
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 3723382 12c7fe63b0a5c59680ca36200a6f7d20 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 61132 c0f96569d4ea0f01cff3950572b3dda9 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 57375560 95a614e1cb620fad510eb51ae5cb37c5 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 13468190 03a629abf18130605927f5817b097bac
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 57584134 7d909c9f1b67d4758e290dc2c1dc01f2 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 3937168 de9dda16f94e696de897bec6c8d45f90 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 12384488 8d1632f7511c711a1d2ea940f7e451a2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 59114 fae947071c0de6ebce316decbce61f9a
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 3929902 5ab6f673b34770278270fb7862986b0b http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 53746 c9c53e8a42d85fe5f4fa8e2a85e55629 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 56491578 8eb38c6f99c501556506ac6790833941 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 10943350 d7c0badfe9210ce5341eb17ab7e71ca2
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 3944678 2a9dc50b61420b4fdf8f3a4d378bb484 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 60554 7dcd739363cff3cc4bda659b82856536 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 58523174 6780e8f9de0f2ed0c3bd533d03853d85 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 13952170 88674f31191b07cd76ea5d366c545f1d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 10951904 52ce1587c6eb95b7f8b63ccedf224d88 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 54838 101de9e837bea9391461074481bf770f http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 3924810 6ecf3693cce2ae97fd0bbdafc1ff06f6 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 56543048 73d1684cf69bed0441393abb46610433
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 3756914 615afd30bf893d2d32bbacedf1f7ff8e http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 16545566 0444c7198e94ab59e103e60bf86a2aa2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 66302 f8800140b3797d4a4267a5dac0043995 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 57199564 5df5808f91ecdf6ac49f0e922b1a0234
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 12112586 4b40106b68670c726624348c0cb8bd1f http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 59511730 226cdd43af9dffb4132002044120769c http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 56670 72e58731ac68f2c599704a3e7ca45d4c http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 3942470 e8454d41a095226a2d252f10da795d96
These files will probably be moved into the stable distribution on its next update.
CVE-2009-2408
Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate.
CVE-2009-2409
Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptograhically secure.
The old stable distribution (etch) doesn't contain nss.
A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625.
This update provides the latest version of Thunderbird which are not vulnerable to these issues.
Update:
The previous mozilla-thunderbird-moztraybiff packages had the wrong release which prevented it to be upgraded (#53129). The new packages addresses this problem.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://www.mozilla.org/security/announce/2009/mfsa2009-42.html https://bugs.gentoo.org/show_bug.cgi?id=280615 https://qa.mandriva.com/53129
Updated Packages:
Mandriva Linux 2009.1: 8129678451e9e36da6d95a2ce3a694ab 2009.1/i586/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.i586.rpm 229bb034c2f1e741bd8f11419ae1aefe 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: f69e7801185436e47737979d0651f445 2009.1/x86_64/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.x86_64.rpm 229bb034c2f1e741bd8f11419ae1aefe 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFKzc5rmqjQ0CJFipgRAvQpAJ9T/LqCuNLAGVYFcxh16Nw9SlgBjACfRyns 3p8/ikiKsb0/DKOQ4TGMJwI= =WJVE -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2010-0001 Synopsis: ESX Service Console updates for nss and nspr Issue date: 2010-01-06 Updated on: 2010-01-06 (initial release of advisory) CVE numbers: CVE-2009-2409 CVE-2009-2408 CVE-2009-2404 CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382
- Summary
Update for Service Console packages nss and nspr
- Relevant releases
VMware ESX 4.0 without patch ESX400-200912403-SG
- Problem Description
a. Update for Service Console packages nss and nspr
Service console packages for Network Security Services (NSS) and
NetScape Portable Runtime (NSPR) are updated to versions
nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This
patch fixes several security issues in the service console
packages for NSS and NSPR.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404,
CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372,
CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376,
CVE-2009-3380, and CVE-2009-3382 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200912403-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 affected, patch pending
-
hosted products are VMware Workstation, Player, ACE, Server, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
ESX 4.0
ESX400-200912403-SG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-181-20091231-153046/ESX400-200912001.zip md5sum: 78c6cf139b7941dc736c9d3a41deae77 sha1sum: 36df3a675fbd3c8c8830f00637e37ee716bdac59 http://kb.vmware.com/kb/1016293
To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX400-200912001.zip -b ESX400-200912403-SG update
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382
- Change log
2010-01-06 VMSA-2010-0001 Initial security advisory after release of patch ESX400-200912403-SG for ESX 4.0 on 2010-01-06.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32)
iD8DBQFLRYwLS2KysvBH1xkRArmBAJoDcO5waCyCE+lfmEwuILVjcqeLngCcCzNo HgNlBjOx5iQw7etlwwpbyuo= =bIJJ -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: Network Security Services Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA36093
VERIFY ADVISORY: http://secunia.com/advisories/36093/
DESCRIPTION: Some vulnerabilities have been reported in Network Security Services, which can potentially be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system.
1) An error in the regular expression parser when matching common names in certificates can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted certificate signed by a trusted CA or when a user accepts a specially crafted certificate.
2) An error exists in the parsing of certain certificate fields, which can be exploited to e.g. get a client to accept a specially crafted certificate by mistake.
SOLUTION: Update to version 3.12.3 or later.
PROVIDED AND/OR DISCOVERED BY: Red Hat credits: 1) Moxie Marlinspike 2) Dan Kaminsky
ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=512912 https://bugzilla.redhat.com/show_bug.cgi?id=510251
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
This update fixes these vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200907-0748",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "firefox",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.0.13"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.10"
},
{
"model": "seamonkey",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "1.1.18"
},
{
"model": "opensuse",
"scope": "lte",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.1"
},
{
"model": "network security services",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.3"
},
{
"model": "thunderbird",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.0.0.23"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10.0"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "9"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "5.0"
},
{
"model": "opensuse",
"scope": "gte",
"trust": 1.0,
"vendor": "opensuse",
"version": "10.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"model": "seamonkey",
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "5 (client)"
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "network security services",
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "red hat enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "thunderbird",
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "red hat enterprise linux eus",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "sun solaris",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "firefox",
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "apple mac os x server",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "opensolaris",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "asianux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001956"
},
{
"db": "NVD",
"id": "CVE-2009-2408"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.12.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0.23",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.1",
"versionStartIncluding": "10.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2408"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandriva",
"sources": [
{
"db": "PACKETSTORM",
"id": "83396"
},
{
"db": "PACKETSTORM",
"id": "83397"
},
{
"db": "PACKETSTORM",
"id": "81880"
},
{
"db": "PACKETSTORM",
"id": "80547"
},
{
"db": "PACKETSTORM",
"id": "80546"
},
{
"db": "PACKETSTORM",
"id": "82183"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-2408",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-39854",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-2408",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-2408",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-39854",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39854"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001956"
},
{
"db": "NVD",
"id": "CVE-2009-2408"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. plural Mozilla product for, X.509 certificate of Common Name (CN) within the domain name in the field. The product provides cross-platform support for SSL, S/MIME and other Internet security standards. There is a mismatch between the NSS library\u0027s handling of the domain name in the SSL certificate between the SSL client and the CA that issued the server certificate. If a malicious user requests a certificate from a hostname with an invalid null character, most CAs will issue a certificate as long as the requester has the domain specified after the null character, but most SSL clients (browsers) will ignore this part of the name, Using a null character before the portion of validation allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-2408\n\nDan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42). \n\nCVE-2009-2404\n\nMoxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43). \n\nCVE-2009-2463\n\nmonarch2020 discovered an integer overflow n a base64 decoding function\n(MFSA 2010-07). \n\nCVE-2009-3072\n\nJosh Soref discovered a crash in the BinHex decoder (MFSA 2010-07). \n\nCVE-2009-3075\n\nCarsten Book reported a crash in the JavaScript engine (MFSA 2010-07). \n\nCVE-2010-0163\n\nLudovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07). \n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1. \n\nDue to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available. \n\nFor the testing distribution squeeze and the unstable distribution (sid),\nthese problems will be fixed soon. \n\n\nWe recommend that you upgrade your icedove packages. \n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz\n Size/MD5 checksum: 35856543 3bf6e40cddf593ddc1a66b9e721f12b9\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc\n Size/MD5 checksum: 1668 111c1a93c1ce498715e231272123f841\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz\n Size/MD5 checksum: 103260 4661b0c8c170d58f844337699cb8ca1a\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb\n Size/MD5 checksum: 3723382 12c7fe63b0a5c59680ca36200a6f7d20\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb\n Size/MD5 checksum: 61132 c0f96569d4ea0f01cff3950572b3dda9\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb\n Size/MD5 checksum: 57375560 95a614e1cb620fad510eb51ae5cb37c5\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb\n Size/MD5 checksum: 13468190 03a629abf18130605927f5817b097bac\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb\n Size/MD5 checksum: 57584134 7d909c9f1b67d4758e290dc2c1dc01f2\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb\n Size/MD5 checksum: 3937168 de9dda16f94e696de897bec6c8d45f90\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb\n Size/MD5 checksum: 12384488 8d1632f7511c711a1d2ea940f7e451a2\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb\n Size/MD5 checksum: 59114 fae947071c0de6ebce316decbce61f9a\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb\n Size/MD5 checksum: 3929902 5ab6f673b34770278270fb7862986b0b\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb\n Size/MD5 checksum: 53746 c9c53e8a42d85fe5f4fa8e2a85e55629\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb\n Size/MD5 checksum: 56491578 8eb38c6f99c501556506ac6790833941\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb\n Size/MD5 checksum: 10943350 d7c0badfe9210ce5341eb17ab7e71ca2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb\n Size/MD5 checksum: 3944678 2a9dc50b61420b4fdf8f3a4d378bb484\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb\n Size/MD5 checksum: 60554 7dcd739363cff3cc4bda659b82856536\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb\n Size/MD5 checksum: 58523174 6780e8f9de0f2ed0c3bd533d03853d85\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb\n Size/MD5 checksum: 13952170 88674f31191b07cd76ea5d366c545f1d\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb\n Size/MD5 checksum: 10951904 52ce1587c6eb95b7f8b63ccedf224d88\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb\n Size/MD5 checksum: 54838 101de9e837bea9391461074481bf770f\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb\n Size/MD5 checksum: 3924810 6ecf3693cce2ae97fd0bbdafc1ff06f6\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb\n Size/MD5 checksum: 56543048 73d1684cf69bed0441393abb46610433\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb\n Size/MD5 checksum: 3756914 615afd30bf893d2d32bbacedf1f7ff8e\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb\n Size/MD5 checksum: 16545566 0444c7198e94ab59e103e60bf86a2aa2\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb\n Size/MD5 checksum: 66302 f8800140b3797d4a4267a5dac0043995\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb\n Size/MD5 checksum: 57199564 5df5808f91ecdf6ac49f0e922b1a0234\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb\n Size/MD5 checksum: 12112586 4b40106b68670c726624348c0cb8bd1f\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb\n Size/MD5 checksum: 59511730 226cdd43af9dffb4132002044120769c\n http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb\n Size/MD5 checksum: 56670 72e58731ac68f2c599704a3e7ca45d4c\n http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb\n Size/MD5 checksum: 3942470 e8454d41a095226a2d252f10da795d96\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\nCVE-2009-2408\n\n Dan Kaminsky discovered that NULL characters in certificate\n names could lead to man-in-the-middle attacks by tricking the user\n into accepting a rogue certificate. \n\nCVE-2009-2409\n\n Certificates with MD2 hash signatures are no longer accepted\n since they\u0027re no longer considered cryptograhically secure. \n\n\nThe old stable distribution (etch) doesn\u0027t contain nss. \n \n A vulnerability was found in xmltok_impl.c (expat) that with\n specially crafted XML could be exploited and lead to a denial of\n service attack. Related to CVE-2009-2625. \n \n This update provides the latest version of Thunderbird which are not\n vulnerable to these issues. \n\n Update:\n\n The previous mozilla-thunderbird-moztraybiff packages had the wrong\n release which prevented it to be upgraded (#53129). The new packages\n addresses this problem. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408\n http://www.mozilla.org/security/announce/2009/mfsa2009-42.html\n https://bugs.gentoo.org/show_bug.cgi?id=280615\n https://qa.mandriva.com/53129\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.1:\n 8129678451e9e36da6d95a2ce3a694ab 2009.1/i586/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.i586.rpm \n 229bb034c2f1e741bd8f11419ae1aefe 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n f69e7801185436e47737979d0651f445 2009.1/x86_64/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.x86_64.rpm \n 229bb034c2f1e741bd8f11419ae1aefe 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.2mdv2009.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFKzc5rmqjQ0CJFipgRAvQpAJ9T/LqCuNLAGVYFcxh16Nw9SlgBjACfRyns\n3p8/ikiKsb0/DKOQ4TGMJwI=\n=WJVE\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2010-0001\nSynopsis: ESX Service Console updates for nss and nspr\nIssue date: 2010-01-06\nUpdated on: 2010-01-06 (initial release of advisory)\nCVE numbers: CVE-2009-2409 CVE-2009-2408 CVE-2009-2404\n CVE-2009-1563 CVE-2009-3274 CVE-2009-3370\n CVE-2009-3372 CVE-2009-3373 CVE-2009-3374\n CVE-2009-3375 CVE-2009-3376 CVE-2009-3380\n CVE-2009-3382\n- -----------------------------------------------------------------------\n1. Summary\n\n Update for Service Console packages nss and nspr\n\n2. Relevant releases\n\n VMware ESX 4.0 without patch ESX400-200912403-SG\n\n3. Problem Description\n\n a. Update for Service Console packages nss and nspr\n\n Service console packages for Network Security Services (NSS) and\n NetScape Portable Runtime (NSPR) are updated to versions\n nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This\n patch fixes several security issues in the service console\n packages for NSS and NSPR. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404,\n CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372,\n CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376,\n CVE-2009-3380, and CVE-2009-3382 to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200912403-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n ESX 4.0\n -------\n ESX400-200912403-SG\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-181-20091231-153046/ESX400-200912001.zip\n md5sum: 78c6cf139b7941dc736c9d3a41deae77\n sha1sum: 36df3a675fbd3c8c8830f00637e37ee716bdac59\n http://kb.vmware.com/kb/1016293\n\n To install an individual bulletin use esxupdate with the -b option. \n esxupdate --bundle=ESX400-200912001.zip -b ESX400-200912403-SG\n update\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2010-01-06 VMSA-2010-0001\nInitial security advisory after release of patch ESX400-200912403-SG\nfor ESX 4.0 on 2010-01-06. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (MingW32)\n\niD8DBQFLRYwLS2KysvBH1xkRArmBAJoDcO5waCyCE+lfmEwuILVjcqeLngCcCzNo\nHgNlBjOx5iQw7etlwwpbyuo=\n=bIJJ\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nNetwork Security Services Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA36093\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36093/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Network Security Services,\nwhich can potentially be exploited by malicious people to bypass\ncertain security restrictions or to compromise a vulnerable system. \n\n1) An error in the regular expression parser when matching common\nnames in certificates can be exploited to cause a heap-based buffer\noverflow, e.g. via a specially crafted certificate signed by a\ntrusted CA or when a user accepts a specially crafted certificate. \n\n2) An error exists in the parsing of certain certificate fields,\nwhich can be exploited to e.g. get a client to accept a specially\ncrafted certificate by mistake. \n\nSOLUTION:\nUpdate to version 3.12.3 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nRed Hat credits:\n1) Moxie Marlinspike\n2) Dan Kaminsky\n\nORIGINAL ADVISORY:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=512912\nhttps://bugzilla.redhat.com/show_bug.cgi?id=510251\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n \n This update fixes these vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2408"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001956"
},
{
"db": "VULHUB",
"id": "VHN-39854"
},
{
"db": "PACKETSTORM",
"id": "83396"
},
{
"db": "PACKETSTORM",
"id": "87886"
},
{
"db": "PACKETSTORM",
"id": "80698"
},
{
"db": "PACKETSTORM",
"id": "83397"
},
{
"db": "PACKETSTORM",
"id": "81880"
},
{
"db": "PACKETSTORM",
"id": "84923"
},
{
"db": "PACKETSTORM",
"id": "79888"
},
{
"db": "PACKETSTORM",
"id": "80546"
},
{
"db": "PACKETSTORM",
"id": "82183"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-39854",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39854"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2408",
"trust": 3.6
},
{
"db": "SECUNIA",
"id": "36125",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "36088",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "56723",
"trust": 1.9
},
{
"db": "VUPEN",
"id": "ADV-2009-2085",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1022632",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "37098",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "36434",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "36157",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "36669",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "36139",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-3184",
"trust": 1.1
},
{
"db": "BID",
"id": "35888",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "36093",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001956",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "81880",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "83397",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "82183",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "83396",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "87886",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "81228",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81877",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106472",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80223",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-200907-442",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-39854",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80698",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84923",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80547",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79888",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80546",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39854"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001956"
},
{
"db": "PACKETSTORM",
"id": "83396"
},
{
"db": "PACKETSTORM",
"id": "87886"
},
{
"db": "PACKETSTORM",
"id": "80698"
},
{
"db": "PACKETSTORM",
"id": "83397"
},
{
"db": "PACKETSTORM",
"id": "81880"
},
{
"db": "PACKETSTORM",
"id": "84923"
},
{
"db": "PACKETSTORM",
"id": "80547"
},
{
"db": "PACKETSTORM",
"id": "79888"
},
{
"db": "PACKETSTORM",
"id": "80546"
},
{
"db": "PACKETSTORM",
"id": "82183"
},
{
"db": "NVD",
"id": "CVE-2009-2408"
}
]
},
"id": "VAR-200907-0748",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39854"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:18:33.341000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2009",
"trust": 0.8,
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001956"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.0
},
{
"problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39854"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001956"
},
{
"db": "NVD",
"id": "CVE-2009-2408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securitytracker.com/id?1022632"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/36088"
},
{
"trust": 1.9,
"url": "http://secunia.com/advisories/36125"
},
{
"trust": 1.9,
"url": "http://osvdb.org/56723"
},
{
"trust": 1.9,
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"trust": 1.5,
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"
},
{
"trust": 1.2,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/36139"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/36157"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/36434"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/36669"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/37098"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:197"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:216"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:217"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2009-1207.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2009-1432.html"
},
{
"trust": 1.1,
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/810-2/"
},
{
"trust": 1.1,
"url": "http://isc.sans.org/diary.html?storyid=7003"
},
{
"trust": 1.1,
"url": "http://www.wired.com/threatlevel/2009/07/kaminsky/"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10751"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8458"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2408"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2408"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/36093"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/35888"
},
{
"trust": 0.7,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2408"
},
{
"trust": 0.6,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.6,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2404"
},
{
"trust": 0.4,
"url": "https://bugs.gentoo.org/show_bug.cgi?id=280615"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2409"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2404"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.2,
"url": "http://security.debian.org/"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2625"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=oss-security\u0026amp;m=125198917018936\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026amp;r2=1.11\u0026amp;f=h"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3720"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3072"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3075"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0163"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2463"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_i386.deb"
},
{
"trust": 0.1,
"url": "https://qa.mandriva.com/53129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3274"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3382"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3376"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3373"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3373"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3274"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3370"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3372"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1016293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3374"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3375"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-181-20091231-153046/esx400-200912001.zip"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3374"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3380"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3382"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3376"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3380"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3375"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3372"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3370"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36093/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3275"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39854"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001956"
},
{
"db": "PACKETSTORM",
"id": "83396"
},
{
"db": "PACKETSTORM",
"id": "87886"
},
{
"db": "PACKETSTORM",
"id": "80698"
},
{
"db": "PACKETSTORM",
"id": "83397"
},
{
"db": "PACKETSTORM",
"id": "81880"
},
{
"db": "PACKETSTORM",
"id": "84923"
},
{
"db": "PACKETSTORM",
"id": "80547"
},
{
"db": "PACKETSTORM",
"id": "79888"
},
{
"db": "PACKETSTORM",
"id": "80546"
},
{
"db": "PACKETSTORM",
"id": "82183"
},
{
"db": "NVD",
"id": "CVE-2009-2408"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39854"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001956"
},
{
"db": "PACKETSTORM",
"id": "83396"
},
{
"db": "PACKETSTORM",
"id": "87886"
},
{
"db": "PACKETSTORM",
"id": "80698"
},
{
"db": "PACKETSTORM",
"id": "83397"
},
{
"db": "PACKETSTORM",
"id": "81880"
},
{
"db": "PACKETSTORM",
"id": "84923"
},
{
"db": "PACKETSTORM",
"id": "80547"
},
{
"db": "PACKETSTORM",
"id": "79888"
},
{
"db": "PACKETSTORM",
"id": "80546"
},
{
"db": "PACKETSTORM",
"id": "82183"
},
{
"db": "NVD",
"id": "CVE-2009-2408"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-39854"
},
{
"date": "2009-09-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001956"
},
{
"date": "2009-12-03T20:56:14",
"db": "PACKETSTORM",
"id": "83396"
},
{
"date": "2010-04-01T03:25:53",
"db": "PACKETSTORM",
"id": "87886"
},
{
"date": "2009-08-26T23:21:43",
"db": "PACKETSTORM",
"id": "80698"
},
{
"date": "2009-12-03T20:56:41",
"db": "PACKETSTORM",
"id": "83397"
},
{
"date": "2009-10-08T18:25:53",
"db": "PACKETSTORM",
"id": "81880"
},
{
"date": "2010-01-07T19:33:17",
"db": "PACKETSTORM",
"id": "84923"
},
{
"date": "2009-08-24T17:22:35",
"db": "PACKETSTORM",
"id": "80547"
},
{
"date": "2009-08-04T12:12:18",
"db": "PACKETSTORM",
"id": "79888"
},
{
"date": "2009-08-24T17:21:29",
"db": "PACKETSTORM",
"id": "80546"
},
{
"date": "2009-10-26T18:46:23",
"db": "PACKETSTORM",
"id": "82183"
},
{
"date": "2009-07-30T19:30:00.313000",
"db": "NVD",
"id": "CVE-2009-2408"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-39854"
},
{
"date": "2024-03-04T07:36:00",
"db": "JVNDB",
"id": "JVNDB-2009-001956"
},
{
"date": "2024-02-14T17:21:52.867000",
"db": "NVD",
"id": "CVE-2009-2408"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "87886"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Mozilla\u00a0 product \u00a0 any in \u00a0SSL\u00a0 Server spoofing vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001956"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "spoof",
"sources": [
{
"db": "PACKETSTORM",
"id": "83396"
},
{
"db": "PACKETSTORM",
"id": "80547"
}
],
"trust": 0.2
}
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*",
"matchCriteriaId": "078698FD-775C-4B73-998D-F6B4F601185C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D044E602-45A5-4B14-8B16-B0978D985027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31063052-D74D-41D0-B63D-4A7BADAC9C60",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD3E937-C813-4564-9E3C-D009D39E8A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE75E76-E20D-47A4-9603-0AF46F733AEF",
"versionEndIncluding": "7.54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"id": "CVE-2005-0238",
"lastModified": "2024-11-20T23:54:42.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-20 10:02
Modified
2024-11-21 00:10
Severity ?
Summary
Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | camino | 0.1 | |
| mozilla | camino | 0.2 | |
| mozilla | camino | 0.3 | |
| mozilla | camino | 0.4 | |
| mozilla | camino | 0.5 | |
| mozilla | camino | 0.6 | |
| mozilla | camino | 0.7 | |
| mozilla | camino | 0.8 | |
| mozilla | camino | 0.8 | |
| mozilla | camino | 0.8.1 | |
| mozilla | camino | 0.8.2 | |
| mozilla | camino | 0.8.3 | |
| mozilla | camino | 0.8.4 | |
| mozilla | camino | 0.9 | |
| mozilla | camino | 1.0 | |
| mozilla | camino | 1.0 | |
| mozilla | camino | 1.0 | |
| mozilla | camino | 1.0 | |
| mozilla | camino | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:camino:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "671092C9-F79B-4C01-B8F8-730435FE6ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB241D47-606C-4F1A-99F0-D80EC7D275DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "726AB50A-62BA-4A0D-BC4D-E158E3E287E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79DE9471-29E5-479B-9E58-2ADAF6C7CC64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "676DDE7E-37EC-42D6-AA9F-A8AD6D5A13C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F05DE747-2D7D-4B97-B068-3098F47C1745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E70065D0-4FB1-40AF-AEC4-8333A79E9F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73793808-E359-49D4-A39B-2E1469A64797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "E705BDE3-C38F-4F54-89EA-90775FF7FDB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07F432CC-CB34-454E-ACA5-932737141DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDCEADBD-3D86-466B-AD9C-B5D1BEFD0786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DB2F11-1691-42C3-B792-F34F53FFB457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31C05BFA-D947-47B7-8EA2-5C0F171F0A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:0.9:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "6759360C-6872-4B59-9C21-72CDD5C098DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D36959E8-B699-4376-80C3-116FDA82584A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:1.0:apha1:*:*:*:*:*:*",
"matchCriteriaId": "76996B11-D260-4CFE-8A14-1C55DDB18700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F0B91B4F-65A9-4A8B-B7DD-58AF59DC09E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B7628F02-0546-4A16-8C73-0CE84C5DA658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:camino:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "EBD5FC17-3F95-4747-93A2-A78DC691F5F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724."
}
],
"id": "CVE-2006-1901",
"lastModified": "2024-11-21T00:10:02.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-20T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/772"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/431004/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/431004/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31C05BFA-D947-47B7-8EA2-5C0F171F0A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E748A943-8A1E-4657-826C-EBE013E04864",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function."
}
],
"id": "CVE-2005-2114",
"lastModified": "2024-11-20T23:58:50.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112008299210033\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014292"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014293"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014294"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014349"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014372"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.kurczaba.com/html/security/0506241.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-586.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-587.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securiteam.com/securitynews/5OP0U00G1G.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112008299210033\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.kurczaba.com/html/security/0506241.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-586.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-587.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securiteam.com/securitynews/5OP0U00G1G.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9628"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-08 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | camino | 0.8.5 | |
| mozilla | firefox | 1.0 | |
| mozilla | mozilla | * | |
| omnigroup | omniweb | 5 | |
| opera | opera_browser | * | |
| opera_software | opera_web_browser | 7.54 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D044E602-45A5-4B14-8B16-B0978D985027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F232DA-F897-4429-922E-F5CFF865A8AA",
"versionEndExcluding": "1.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD3E937-C813-4564-9E3C-D009D39E8A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE75E76-E20D-47A4-9603-0AF46F733AEF",
"versionEndIncluding": "7.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "142EB1E3-2918-4792-83D7-9D7B6A3BD26B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
],
"id": "CVE-2005-0233",
"lastModified": "2024-11-20T23:54:41.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-08T05:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"source": "secalert@redhat.com",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"source": "secalert@redhat.com",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110782704923280\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
],
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-10 14:12
Modified
2024-11-21 00:52
Severity ?
Summary
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | camino | * | |
| mozilla | firefox | * | |
| mozilla | seamonkey | * | |
| adobe | flash_player | * | |
| adobe | flash_player | 7.0.69.0 | |
| adobe | flash_player | 8.0.39.0 | |
| adobe | flash_player | 9.0 | |
| adobe | flash_player | 9.0.16 | |
| adobe | flash_player | 9.0.16 | |
| adobe | flash_player | 9.0.18d60 | |
| adobe | flash_player | 9.0.20 | |
| adobe | flash_player | 9.0.20.0 | |
| adobe | flash_player | 9.0.28 | |
| adobe | flash_player | 9.0.28.0 | |
| adobe | flash_player | 9.0.28.0 | |
| adobe | flash_player | 9.0.31 | |
| adobe | flash_player | 9.0.31.0 | |
| adobe | flash_player | 9.0.45.0 | |
| adobe | flash_player | 9.0.47.0 | |
| adobe | flash_player | 9.0.48.0 | |
| adobe | flash_player | 9.0.112.0 | |
| adobe | flash_player | 9.0.114.0 | |
| adobe | flash_player | 9.0.115.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:camino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00F4BE3D-0CBC-4A26-AB40-994C11BC56CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "138701FB-929A-4683-B41F-CB014ACFE44A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE43678F-7BFF-43EF-8968-B440E2BEF76F",
"versionEndIncluding": "9.0.124.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A82D5B56-44E0-4120-B73E-0A1155AF4B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7DD938-F963-4E03-B66B-F00436E4EA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A0777F-22C2-4FD5-BE81-8982BE6874D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F35F86B6-D49A-40F4-BFFA-5D6BBA2F7D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.16:*:windows:*:*:*:*:*",
"matchCriteriaId": "5A37EB65-9EDD-41B0-ABEB-8A00232D8770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*",
"matchCriteriaId": "600DDA9D-6440-48D1-8539-7127398A8678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B4D5E27C-F6BF-4F84-9B83-6AEC98B4AA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "934A869D-D58D-4C36-B86E-013F62790585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFA6611-99DA-48B0-89F7-DD99B8E30334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59AF804B-BD7A-4AD7-AD44-B5D980443B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "91A2A8EA-455E-4E26-8D4A-56925A42F559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D52F86-2E38-4C66-9939-7603367B8D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0557AA2A-FA3A-460A-8F03-DC74B149CA3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC04ABF-6191-4AA5-90B2-E7A97E6C6005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F22F1B02-CCF5-4770-A79B-1F58CA4321CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93957171-F1F4-43ED-A8B9-2D36C81EB1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE89894-E492-4380-8A2B-4CDD3A15667A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6ED706-BAF2-4795-B597-6F7EE8CA8911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*",
"matchCriteriaId": "260E2CF6-4D15-4168-A933-3EC52D8F93FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors."
},
{
"lang": "es",
"value": "Adobe Flash Player 9.0.124.0 y anteriores, cuando se usa un navegador de Mozilla, no interpreta adecuadamente URLs jar:, lo que permite a atacantes obtener informaci\u00f3n sensible mediante vectores desconocidos."
}
],
"id": "CVE-2008-4821",
"lastModified": "2024-11-21T00:52:39.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-10T14:12:55.843",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32702"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33179"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33390"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34226"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3338"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"source": "cve@mitre.org",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32129"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021149"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=834256\u0026poid="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46534"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}