Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2006-4569 (GCVE-0-2006-4569)
Vulnerability from cvelistv5 – Published: 2006-09-15 19:00 – Updated: 2024-08-07 19:14
VLAI?
EPSS
Summary
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "oval:org.mitre.oval:def:10650",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650"
},
{
"name": "22195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html"
},
{
"name": "1016849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016849"
},
{
"name": "21950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21950"
},
{
"name": "USN-351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"name": "22025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22025"
},
{
"name": "22056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22056"
},
{
"name": "MDKSA-2006:168",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"name": "22210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22210"
},
{
"name": "24711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "firefox-popup-blocker-xss(28957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28957"
},
{
"name": "ADV-2007-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name": "GLSA-200609-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "RHSA-2006:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"name": "20042",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20042"
},
{
"name": "22001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22001"
},
{
"name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "22066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22066"
},
{
"name": "21949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21949"
},
{
"name": "SUSE-SA:2006:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"name": "USN-354-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "22422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22422"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2006-3748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "oval:org.mitre.oval:def:10650",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650"
},
{
"name": "22195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html"
},
{
"name": "1016849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016849"
},
{
"name": "21950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21950"
},
{
"name": "USN-351-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"name": "22025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22025"
},
{
"name": "22056",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22056"
},
{
"name": "MDKSA-2006:168",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"name": "22210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22210"
},
{
"name": "24711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"name": "ADV-2008-0083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "firefox-popup-blocker-xss(28957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28957"
},
{
"name": "ADV-2007-1198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name": "GLSA-200609-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "RHSA-2006:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"name": "20042",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20042"
},
{
"name": "22001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22001"
},
{
"name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "22066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22066"
},
{
"name": "21949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21949"
},
{
"name": "SUSE-SA:2006:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"name": "USN-354-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "22422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22422"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-4569",
"datePublished": "2006-09-15T19:00:00",
"dateReserved": "2006-09-06T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.5.0.6\", \"matchCriteriaId\": \"553BE4FA-523B-4AED-90D4-6FFCFD91E4F8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \\\"blocked popups\\\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.\"}, {\"lang\": \"es\", \"value\": \"El bloqueador de ventanas emergentes de Mozilla Firefox anterior a 1.5.0.7 abre las \\\"vetanas emergentes bloqueadas\\\" mostrando el contexto de la barra de localizaci\\u00f3n en vez del subframe en el cual el popup se origin\\u00f3, que puede hacer m\\u00e1s f\\u00e1cil para que atacantes remotos con la complicidad del usuario conduzcan a ataques de secuencias de comandos en sitios cruzados(XSS).\"}]",
"id": "CVE-2006-4569",
"lastModified": "2024-11-21T00:16:16.553",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:P/A:N\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2006-09-15T19:07:00.000",
"references": "[{\"url\": \"http://secunia.com/advisories/21949\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21950\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/22001\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/22025\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/22056\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/22066\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/22195\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/22210\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/22422\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/24711\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200609-19.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securitytracker.com/id?1016849\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:168\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mozilla.org/security/announce/2006/mfsa2006-62.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_54_mozilla.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0675.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446140/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/20042\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-351-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-354-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3748\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1198\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0083\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28957\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-640\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/21949\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22001\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22025\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22056\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22066\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22195\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22422\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24711\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200609-19.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016849\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mozilla.org/security/announce/2006/mfsa2006-62.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_54_mozilla.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2006-0675.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446140/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20042\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-351-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-354-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3748\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0083\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28957\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2006-4569\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2006-09-15T19:07:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \\\"blocked popups\\\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.\"},{\"lang\":\"es\",\"value\":\"El bloqueador de ventanas emergentes de Mozilla Firefox anterior a 1.5.0.7 abre las \\\"vetanas emergentes bloqueadas\\\" mostrando el contexto de la barra de localizaci\u00f3n en vez del subframe en el cual el popup se origin\u00f3, que puede hacer m\u00e1s f\u00e1cil para que atacantes remotos con la complicidad del usuario conduzcan a ataques de secuencias de comandos en sitios cruzados(XSS).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:P/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.0.6\",\"matchCriteriaId\":\"553BE4FA-523B-4AED-90D4-6FFCFD91E4F8\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21949\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21950\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/22001\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/22025\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/22056\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/22066\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/22195\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/22210\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/22422\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/24711\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200609-19.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1016849\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:168\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mozilla.org/security/announce/2006/mfsa2006-62.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_54_mozilla.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0675.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/446140/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/20042\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-351-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-354-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3748\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1198\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0083\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28957\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.rpath.com/browse/RPL-640\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/21949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22025\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22066\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200609-19.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016849\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mozilla.org/security/announce/2006/mfsa2006-62.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_54_mozilla.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2006-0675.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/446140/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-351-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-354-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28957\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
FKIE_CVE-2006-4569
Vulnerability from fkie_nvd - Published: 2006-09-15 19:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://secunia.com/advisories/21949 | Patch, Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/21950 | ||
| secalert@redhat.com | http://secunia.com/advisories/22001 | ||
| secalert@redhat.com | http://secunia.com/advisories/22025 | ||
| secalert@redhat.com | http://secunia.com/advisories/22056 | ||
| secalert@redhat.com | http://secunia.com/advisories/22066 | ||
| secalert@redhat.com | http://secunia.com/advisories/22195 | ||
| secalert@redhat.com | http://secunia.com/advisories/22210 | ||
| secalert@redhat.com | http://secunia.com/advisories/22422 | ||
| secalert@redhat.com | http://secunia.com/advisories/24711 | ||
| secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200609-19.xml | ||
| secalert@redhat.com | http://securitytracker.com/id?1016849 | ||
| secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 | ||
| secalert@redhat.com | http://www.mozilla.org/security/announce/2006/mfsa2006-62.html | Vendor Advisory | |
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2006_54_mozilla.html | ||
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2006-0675.html | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/446140/100/0/threaded | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/20042 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/usn-351-1 | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/usn-354-1 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2006/3748 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2007/1198 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2008/0083 | ||
| secalert@redhat.com | http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/28957 | ||
| secalert@redhat.com | https://issues.rpath.com/browse/RPL-640 | ||
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21949 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21950 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22001 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22025 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22056 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22066 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22195 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22210 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22422 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24711 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200609-19.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016849 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2006/mfsa2006-62.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2006_54_mozilla.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2006-0675.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/446140/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/20042 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-351-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-354-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3748 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1198 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0083 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28957 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-640 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "553BE4FA-523B-4AED-90D4-6FFCFD91E4F8",
"versionEndIncluding": "1.5.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks."
},
{
"lang": "es",
"value": "El bloqueador de ventanas emergentes de Mozilla Firefox anterior a 1.5.0.7 abre las \"vetanas emergentes bloqueadas\" mostrando el contexto de la barra de localizaci\u00f3n en vez del subframe en el cual el popup se origin\u00f3, que puede hacer m\u00e1s f\u00e1cil para que atacantes remotos con la complicidad del usuario conduzcan a ataques de secuencias de comandos en sitios cruzados(XSS)."
}
],
"id": "CVE-2006-4569",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-09-15T19:07:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21949"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/21950"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22001"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22025"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22056"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22066"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22195"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22210"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/22422"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/24711"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016849"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/20042"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"source": "secalert@redhat.com",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28957"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-9M24-J378-4W43
Vulnerability from github – Published: 2022-05-01 07:19 – Updated: 2022-05-01 07:19
VLAI?
Details
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
{
"affected": [],
"aliases": [
"CVE-2006-4569"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-09-15T19:07:00Z",
"severity": "LOW"
},
"details": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.",
"id": "GHSA-9m24-j378-4w43",
"modified": "2022-05-01T07:19:54Z",
"published": "2022-05-01T07:19:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4569"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28957"
},
{
"type": "WEB",
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/21949"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/21950"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22001"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22025"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22056"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22066"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22195"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22210"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/22422"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/24711"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1016849"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/20042"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"type": "WEB",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
}
],
"schema_version": "1.4.0",
"severity": []
}
RHSA-2006:0675
Vulnerability from csaf_redhat - Published: 2006-09-15 06:38 - Updated: 2025-11-21 17:30Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Mozilla Firefox is an open source Web browser.
Two flaws were found in the way Firefox processed certain regular
expressions. A malicious web page could crash the browser or possibly
execute arbitrary code as the user running Firefox. (CVE-2006-4565,
CVE-2006-4566)
A number of flaws were found in Firefox. A malicious web page could crash
the browser or possibly execute arbitrary code as the user running Firefox.
(CVE-2006-4571)
A flaw was found in the handling of Javascript timed events. A malicious
web page could crash the browser or possibly execute arbitrary code as the
user running Firefox. (CVE-2006-4253)
Daniel Bleichenbacher recently described an implementation error in RSA
signature verification. For RSA keys with exponent 3 it is possible for an
attacker to forge a signature that would be incorrectly verified by the NSS
library. Firefox as shipped trusts several root Certificate Authorities
that use exponent 3. An attacker could have created a carefully crafted
SSL certificate which be incorrectly trusted when their site was visited by
a victim. (CVE-2006-4340)
A flaw was found in the Firefox auto-update verification system. An
attacker who has the ability to spoof a victim's DNS could get Firefox to
download and install malicious code. In order to exploit this issue an
attacker would also need to get a victim to previously accept an
unverifiable certificate. (CVE-2006-4567)
Firefox did not properly prevent a frame in one domain from injecting
content into a sub-frame that belongs to another domain, which facilitates
website spoofing and other attacks (CVE-2006-4568)
Firefox did not load manually opened, blocked popups in the right domain
context, which could lead to cross-site scripting attacks. In order to
exploit this issue an attacker would need to find a site which would frame
their malicious page and convince the user to manually open a blocked
popup. (CVE-2006-4569)
Users of Firefox are advised to upgrade to this update, which contains
Firefox version 1.5.0.7 that corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated firefox packages that fix several security bugs are now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open source Web browser.\n\nTwo flaws were found in the way Firefox processed certain regular\nexpressions. A malicious web page could crash the browser or possibly\nexecute arbitrary code as the user running Firefox. (CVE-2006-4565,\nCVE-2006-4566)\n\nA number of flaws were found in Firefox. A malicious web page could crash\nthe browser or possibly execute arbitrary code as the user running Firefox.\n (CVE-2006-4571)\n\nA flaw was found in the handling of Javascript timed events. A malicious\nweb page could crash the browser or possibly execute arbitrary code as the\nuser running Firefox. (CVE-2006-4253)\n\nDaniel Bleichenbacher recently described an implementation error in RSA\nsignature verification. For RSA keys with exponent 3 it is possible for an\nattacker to forge a signature that would be incorrectly verified by the NSS\nlibrary. Firefox as shipped trusts several root Certificate Authorities\nthat use exponent 3. An attacker could have created a carefully crafted\nSSL certificate which be incorrectly trusted when their site was visited by\na victim. (CVE-2006-4340)\n\nA flaw was found in the Firefox auto-update verification system. An\nattacker who has the ability to spoof a victim\u0027s DNS could get Firefox to\ndownload and install malicious code. In order to exploit this issue an\nattacker would also need to get a victim to previously accept an\nunverifiable certificate. (CVE-2006-4567)\n\nFirefox did not properly prevent a frame in one domain from injecting\ncontent into a sub-frame that belongs to another domain, which facilitates\nwebsite spoofing and other attacks (CVE-2006-4568)\n\nFirefox did not load manually opened, blocked popups in the right domain\ncontext, which could lead to cross-site scripting attacks. In order to\nexploit this issue an attacker would need to find a site which would frame\ntheir malicious page and convince the user to manually open a blocked\npopup. (CVE-2006-4569)\n\nUsers of Firefox are advised to upgrade to this update, which contains\nFirefox version 1.5.0.7 that corrects these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0675",
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#critical",
"url": "http://www.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "206428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=206428"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0675.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T17:30:47+00:00",
"generator": {
"date": "2025-11-21T17:30:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2006:0675",
"initial_release_date": "2006-09-15T06:38:00+00:00",
"revision_history": [
{
"date": "2006-09-15T06:38:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-09-15T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:30:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.ia64",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64",
"product_id": "firefox-0:1.5.0.7-0.1.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"product_id": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.i386",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386",
"product_id": "firefox-0:1.5.0.7-0.1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.src",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.src",
"product_id": "firefox-0:1.5.0.7-0.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.ppc",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc",
"product_id": "firefox-0:1.5.0.7-0.1.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.s390x",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x",
"product_id": "firefox-0:1.5.0.7-0.1.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=s390"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.s390",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390",
"product_id": "firefox-0:1.5.0.7-0.1.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.src"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.src"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.src"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.src"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-4253",
"discovery_date": "2006-08-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618177"
}
],
"notes": [
{
"category": "description",
"text": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4253"
},
{
"category": "external",
"summary": "RHBZ#1618177",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618177"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4253",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4253"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4253",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4253"
}
],
"release_date": "2006-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4340",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618183"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4340"
},
{
"category": "external",
"summary": "RHBZ#1618183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4340",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4340"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4565",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618191"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a \"minimal quantifier.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4565"
},
{
"category": "external",
"summary": "RHBZ#1618191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4565"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4566",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618192"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set (\"[\\\\\"), which leads to a buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4566"
},
{
"category": "external",
"summary": "RHBZ#1618192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618192"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4566",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4566"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4567",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618193"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4567"
},
{
"category": "external",
"summary": "RHBZ#1618193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4567",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4567"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4568",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618194"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4568"
},
{
"category": "external",
"summary": "RHBZ#1618194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4568",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4568"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4568",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4568"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4569",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618195"
}
],
"notes": [
{
"category": "description",
"text": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4569"
},
{
"category": "external",
"summary": "RHBZ#1618195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4569",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4569"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4569",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4569"
}
],
"release_date": "2006-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4571",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "209167"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "seamonkey \u003c 1.0.5 multiple vulnerabilities; to replace Mozilla",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4571"
},
{
"category": "external",
"summary": "RHBZ#209167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=209167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4571",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4571"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4571",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4571"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "seamonkey \u003c 1.0.5 multiple vulnerabilities; to replace Mozilla"
}
]
}
RHSA-2006_0675
Vulnerability from csaf_redhat - Published: 2006-09-15 06:38 - Updated: 2024-11-22 00:30Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Mozilla Firefox is an open source Web browser.
Two flaws were found in the way Firefox processed certain regular
expressions. A malicious web page could crash the browser or possibly
execute arbitrary code as the user running Firefox. (CVE-2006-4565,
CVE-2006-4566)
A number of flaws were found in Firefox. A malicious web page could crash
the browser or possibly execute arbitrary code as the user running Firefox.
(CVE-2006-4571)
A flaw was found in the handling of Javascript timed events. A malicious
web page could crash the browser or possibly execute arbitrary code as the
user running Firefox. (CVE-2006-4253)
Daniel Bleichenbacher recently described an implementation error in RSA
signature verification. For RSA keys with exponent 3 it is possible for an
attacker to forge a signature that would be incorrectly verified by the NSS
library. Firefox as shipped trusts several root Certificate Authorities
that use exponent 3. An attacker could have created a carefully crafted
SSL certificate which be incorrectly trusted when their site was visited by
a victim. (CVE-2006-4340)
A flaw was found in the Firefox auto-update verification system. An
attacker who has the ability to spoof a victim's DNS could get Firefox to
download and install malicious code. In order to exploit this issue an
attacker would also need to get a victim to previously accept an
unverifiable certificate. (CVE-2006-4567)
Firefox did not properly prevent a frame in one domain from injecting
content into a sub-frame that belongs to another domain, which facilitates
website spoofing and other attacks (CVE-2006-4568)
Firefox did not load manually opened, blocked popups in the right domain
context, which could lead to cross-site scripting attacks. In order to
exploit this issue an attacker would need to find a site which would frame
their malicious page and convince the user to manually open a blocked
popup. (CVE-2006-4569)
Users of Firefox are advised to upgrade to this update, which contains
Firefox version 1.5.0.7 that corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated firefox packages that fix several security bugs are now available\nfor Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open source Web browser.\n\nTwo flaws were found in the way Firefox processed certain regular\nexpressions. A malicious web page could crash the browser or possibly\nexecute arbitrary code as the user running Firefox. (CVE-2006-4565,\nCVE-2006-4566)\n\nA number of flaws were found in Firefox. A malicious web page could crash\nthe browser or possibly execute arbitrary code as the user running Firefox.\n (CVE-2006-4571)\n\nA flaw was found in the handling of Javascript timed events. A malicious\nweb page could crash the browser or possibly execute arbitrary code as the\nuser running Firefox. (CVE-2006-4253)\n\nDaniel Bleichenbacher recently described an implementation error in RSA\nsignature verification. For RSA keys with exponent 3 it is possible for an\nattacker to forge a signature that would be incorrectly verified by the NSS\nlibrary. Firefox as shipped trusts several root Certificate Authorities\nthat use exponent 3. An attacker could have created a carefully crafted\nSSL certificate which be incorrectly trusted when their site was visited by\na victim. (CVE-2006-4340)\n\nA flaw was found in the Firefox auto-update verification system. An\nattacker who has the ability to spoof a victim\u0027s DNS could get Firefox to\ndownload and install malicious code. In order to exploit this issue an\nattacker would also need to get a victim to previously accept an\nunverifiable certificate. (CVE-2006-4567)\n\nFirefox did not properly prevent a frame in one domain from injecting\ncontent into a sub-frame that belongs to another domain, which facilitates\nwebsite spoofing and other attacks (CVE-2006-4568)\n\nFirefox did not load manually opened, blocked popups in the right domain\ncontext, which could lead to cross-site scripting attacks. In order to\nexploit this issue an attacker would need to find a site which would frame\ntheir malicious page and convince the user to manually open a blocked\npopup. (CVE-2006-4569)\n\nUsers of Firefox are advised to upgrade to this update, which contains\nFirefox version 1.5.0.7 that corrects these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2006:0675",
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#critical",
"url": "http://www.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "206428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=206428"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0675.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T00:30:41+00:00",
"generator": {
"date": "2024-11-22T00:30:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2006:0675",
"initial_release_date": "2006-09-15T06:38:00+00:00",
"revision_history": [
{
"date": "2006-09-15T06:38:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2006-09-15T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T00:30:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.ia64",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64",
"product_id": "firefox-0:1.5.0.7-0.1.el4.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"product_id": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.i386",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386",
"product_id": "firefox-0:1.5.0.7-0.1.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.src",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.src",
"product_id": "firefox-0:1.5.0.7-0.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.ppc",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc",
"product_id": "firefox-0:1.5.0.7-0.1.el4.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.s390x",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x",
"product_id": "firefox-0:1.5.0.7-0.1.el4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"product": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"product_id": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@1.5.0.7-0.1.el4?arch=s390"
}
}
},
{
"category": "product_version",
"name": "firefox-0:1.5.0.7-0.1.el4.s390",
"product": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390",
"product_id": "firefox-0:1.5.0.7-0.1.el4.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@1.5.0.7-0.1.el4?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.src"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.src"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.src"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.src"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
},
"product_reference": "firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-4253",
"discovery_date": "2006-08-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618177"
}
],
"notes": [
{
"category": "description",
"text": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4253"
},
{
"category": "external",
"summary": "RHBZ#1618177",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618177"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4253",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4253"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4253",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4253"
}
],
"release_date": "2006-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4340",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618183"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4340"
},
{
"category": "external",
"summary": "RHBZ#1618183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4340",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4340"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4565",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618191"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a \"minimal quantifier.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4565"
},
{
"category": "external",
"summary": "RHBZ#1618191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4565"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4566",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618192"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set (\"[\\\\\"), which leads to a buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4566"
},
{
"category": "external",
"summary": "RHBZ#1618192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618192"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4566",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4566"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4567",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618193"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4567"
},
{
"category": "external",
"summary": "RHBZ#1618193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4567",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4567"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4568",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618194"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4568"
},
{
"category": "external",
"summary": "RHBZ#1618194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4568",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4568"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4568",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4568"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4569",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1618195"
}
],
"notes": [
{
"category": "description",
"text": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4569"
},
{
"category": "external",
"summary": "RHBZ#1618195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4569",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4569"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4569",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4569"
}
],
"release_date": "2006-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2006-4571",
"discovery_date": "2006-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "209167"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "seamonkey \u003c 1.0.5 multiple vulnerabilities; to replace Mozilla",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-4571"
},
{
"category": "external",
"summary": "RHBZ#209167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=209167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-4571",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4571"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-4571",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4571"
}
],
"release_date": "2006-09-15T00:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2006-09-15T06:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"4AS:firefox-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-0:1.5.0.7-0.1.el4.src",
"4AS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4AS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.src",
"4Desktop:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4Desktop:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-0:1.5.0.7-0.1.el4.src",
"4ES:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4ES:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-0:1.5.0.7-0.1.el4.src",
"4WS:firefox-0:1.5.0.7-0.1.el4.x86_64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.i386",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ia64",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.ppc",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.s390x",
"4WS:firefox-debuginfo-0:1.5.0.7-0.1.el4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2006:0675"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "seamonkey \u003c 1.0.5 multiple vulnerabilities; to replace Mozilla"
}
]
}
CERTA-2006-AVI-391
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités ont été identifies dans les produits Mozilla Firefox, Thunderbird et SeaMonkey. L'exploitation de ceux-ci contre un système vulnérable peuvent conduire à une exécution de code arbitraire à distance.
Description
Plusieurs vulnérabilités ont été identifiées dans les produits Mozilla Firefox, Thunderbird et SeaMonkey. Parmi celles-ci :
- la manipulation de certains codes Javascript par le navigateur Firefox pourrait provoquer un débordement de la mémoire, et ainsi permettre l'exécution de commandes arbitraires. L'utilisateur doit visiter une page construite de manière malveillante pour être impacté. Cependant, la messagerie Thunderbird utilise en grande partie le noyau du navigateur Firefox pour l'affichage de messages en format HTML, quand cela est autorisé. L'utilisateur pourrait donc avoir son système compromis suite à la lecture d'un courrier électronique. Cette option n'est pas activée par défaut.
- la désactivation de Javascript dans la messagerie Thunderbird ne serait pas correctement effectuée, et pourrait être contournée afin de permettre l'exécution de code Javascript à l'insu de l'utilisateur.
- une mauvaise vérification des signatures RSA PKCS #1 v1.5 utilisant un exposant de valeur 3. Cette vulnérabilité est à mettre en relation avec l'avis du CERTA CERTA-200-AVI-384 concernant OpenSSL.
- la procédure de mise à jour de Firefox et Thunderbird, basée sur SSL ne s'effecturait pas correctement. Il serait possible, en usurpant les réponses DNS adressées à la victime, de rediriger ses requêtes de mises à jour vers un site malveillant. Le certificat ne serait alors pas convenablement vérifié.
Solution
Se référer au bulletin de sécurité de Mozilla pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla SeaMonkey 1.0.4 ainsi que les versions ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Thunderbird 1.5.0.5 ainsi que les versions ant\u00e9rieures ;",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox 1.5.0.6 ainsi que les versions ant\u00e9rieures ;",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits Mozilla\nFirefox, Thunderbird et SeaMonkey. Parmi celles-ci :\n\n- la manipulation de certains codes Javascript par le navigateur\n Firefox pourrait provoquer un d\u00e9bordement de la m\u00e9moire, et ainsi\n permettre l\u0027ex\u00e9cution de commandes arbitraires. L\u0027utilisateur doit\n visiter une page construite de mani\u00e8re malveillante pour \u00eatre\n impact\u00e9. Cependant, la messagerie Thunderbird utilise en grande\n partie le noyau du navigateur Firefox pour l\u0027affichage de messages\n en format HTML, quand cela est autoris\u00e9. L\u0027utilisateur pourrait donc\n avoir son syst\u00e8me compromis suite \u00e0 la lecture d\u0027un courrier\n \u00e9lectronique. Cette option n\u0027est pas activ\u00e9e par d\u00e9faut.\n- la d\u00e9sactivation de Javascript dans la messagerie Thunderbird ne\n serait pas correctement effectu\u00e9e, et pourrait \u00eatre contourn\u00e9e afin\n de permettre l\u0027ex\u00e9cution de code Javascript \u00e0 l\u0027insu de\n l\u0027utilisateur.\n- une mauvaise v\u00e9rification des signatures RSA PKCS \\#1 v1.5 utilisant\n un exposant de valeur 3. Cette vuln\u00e9rabilit\u00e9 est \u00e0 mettre en\n relation avec l\u0027avis du CERTA CERTA-200-AVI-384 concernant OpenSSL.\n- la proc\u00e9dure de mise \u00e0 jour de Firefox et Thunderbird, bas\u00e9e sur SSL\n ne s\u0027effecturait pas correctement. Il serait possible, en usurpant\n les r\u00e9ponses DNS adress\u00e9es \u00e0 la victime, de rediriger ses requ\u00eates\n de mises \u00e0 jour vers un site malveillant. Le certificat ne serait\n alors pas convenablement v\u00e9rifi\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de Mozilla pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-4339",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4339"
},
{
"name": "CVE-2006-4566",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4566"
},
{
"name": "CVE-2006-4570",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4570"
},
{
"name": "CVE-2006-4253",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4253"
},
{
"name": "CVE-2006-4568",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4568"
},
{
"name": "CVE-2006-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4565"
},
{
"name": "CVE-2006-4567",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4567"
},
{
"name": "CVE-2006-4340",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4340"
},
{
"name": "CVE-2006-4569",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4569"
},
{
"name": "CVE-2006-4571",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4571"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-352 du 25 septembre 2006 :",
"url": "http://www.ubuntu.com/usn/usn-352-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-60 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2006:0675 du 15 septembre 2006 :",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0675.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-64 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-64.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-63 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2006:0677 du 15 septembre 2006 :",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0677.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-59 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-57 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-351 du 22 septembre 2006 :",
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2006:054 du 22 septembre 2006 :",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Sep/0008.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:168 du 20 septembre 2006 :",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-62 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SGI 20060901-01-P du 19 septembre 2006 :",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-58 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-58.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-350 du 21 septembre 2006 :",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2006:0676 du 15 septembre 2006 :",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0676.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-61 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-61.html"
}
],
"reference": "CERTA-2006-AVI-391",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-09-15T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SuSE, Ubuntu, Red Hat, Mandriva et SGI.",
"revision_date": "2006-09-26T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Ubuntu, Red Hat.",
"revision_date": "2006-09-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifies dans les produits Mozilla\nFirefox, Thunderbird et SeaMonkey. L\u0027exploitation de ceux-ci contre un\nsyst\u00e8me vuln\u00e9rable peuvent conduire \u00e0 une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Mises \u00e0 jour Mozilla du 14 septembre 2006",
"url": null
}
]
}
CERTA-2006-AVI-391
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités ont été identifies dans les produits Mozilla Firefox, Thunderbird et SeaMonkey. L'exploitation de ceux-ci contre un système vulnérable peuvent conduire à une exécution de code arbitraire à distance.
Description
Plusieurs vulnérabilités ont été identifiées dans les produits Mozilla Firefox, Thunderbird et SeaMonkey. Parmi celles-ci :
- la manipulation de certains codes Javascript par le navigateur Firefox pourrait provoquer un débordement de la mémoire, et ainsi permettre l'exécution de commandes arbitraires. L'utilisateur doit visiter une page construite de manière malveillante pour être impacté. Cependant, la messagerie Thunderbird utilise en grande partie le noyau du navigateur Firefox pour l'affichage de messages en format HTML, quand cela est autorisé. L'utilisateur pourrait donc avoir son système compromis suite à la lecture d'un courrier électronique. Cette option n'est pas activée par défaut.
- la désactivation de Javascript dans la messagerie Thunderbird ne serait pas correctement effectuée, et pourrait être contournée afin de permettre l'exécution de code Javascript à l'insu de l'utilisateur.
- une mauvaise vérification des signatures RSA PKCS #1 v1.5 utilisant un exposant de valeur 3. Cette vulnérabilité est à mettre en relation avec l'avis du CERTA CERTA-200-AVI-384 concernant OpenSSL.
- la procédure de mise à jour de Firefox et Thunderbird, basée sur SSL ne s'effecturait pas correctement. Il serait possible, en usurpant les réponses DNS adressées à la victime, de rediriger ses requêtes de mises à jour vers un site malveillant. Le certificat ne serait alors pas convenablement vérifié.
Solution
Se référer au bulletin de sécurité de Mozilla pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla SeaMonkey 1.0.4 ainsi que les versions ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Thunderbird 1.5.0.5 ainsi que les versions ant\u00e9rieures ;",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox 1.5.0.6 ainsi que les versions ant\u00e9rieures ;",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits Mozilla\nFirefox, Thunderbird et SeaMonkey. Parmi celles-ci :\n\n- la manipulation de certains codes Javascript par le navigateur\n Firefox pourrait provoquer un d\u00e9bordement de la m\u00e9moire, et ainsi\n permettre l\u0027ex\u00e9cution de commandes arbitraires. L\u0027utilisateur doit\n visiter une page construite de mani\u00e8re malveillante pour \u00eatre\n impact\u00e9. Cependant, la messagerie Thunderbird utilise en grande\n partie le noyau du navigateur Firefox pour l\u0027affichage de messages\n en format HTML, quand cela est autoris\u00e9. L\u0027utilisateur pourrait donc\n avoir son syst\u00e8me compromis suite \u00e0 la lecture d\u0027un courrier\n \u00e9lectronique. Cette option n\u0027est pas activ\u00e9e par d\u00e9faut.\n- la d\u00e9sactivation de Javascript dans la messagerie Thunderbird ne\n serait pas correctement effectu\u00e9e, et pourrait \u00eatre contourn\u00e9e afin\n de permettre l\u0027ex\u00e9cution de code Javascript \u00e0 l\u0027insu de\n l\u0027utilisateur.\n- une mauvaise v\u00e9rification des signatures RSA PKCS \\#1 v1.5 utilisant\n un exposant de valeur 3. Cette vuln\u00e9rabilit\u00e9 est \u00e0 mettre en\n relation avec l\u0027avis du CERTA CERTA-200-AVI-384 concernant OpenSSL.\n- la proc\u00e9dure de mise \u00e0 jour de Firefox et Thunderbird, bas\u00e9e sur SSL\n ne s\u0027effecturait pas correctement. Il serait possible, en usurpant\n les r\u00e9ponses DNS adress\u00e9es \u00e0 la victime, de rediriger ses requ\u00eates\n de mises \u00e0 jour vers un site malveillant. Le certificat ne serait\n alors pas convenablement v\u00e9rifi\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de Mozilla pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-4339",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4339"
},
{
"name": "CVE-2006-4566",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4566"
},
{
"name": "CVE-2006-4570",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4570"
},
{
"name": "CVE-2006-4253",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4253"
},
{
"name": "CVE-2006-4568",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4568"
},
{
"name": "CVE-2006-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4565"
},
{
"name": "CVE-2006-4567",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4567"
},
{
"name": "CVE-2006-4340",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4340"
},
{
"name": "CVE-2006-4569",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4569"
},
{
"name": "CVE-2006-4571",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4571"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-352 du 25 septembre 2006 :",
"url": "http://www.ubuntu.com/usn/usn-352-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-60 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2006:0675 du 15 septembre 2006 :",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0675.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-64 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-64.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-63 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2006:0677 du 15 septembre 2006 :",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0677.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-59 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-57 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-57.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-351 du 22 septembre 2006 :",
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2006:054 du 22 septembre 2006 :",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Sep/0008.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:168 du 20 septembre 2006 :",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-62 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SGI 20060901-01-P du 19 septembre 2006 :",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-58 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-58.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-350 du 21 septembre 2006 :",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2006:0676 du 15 septembre 2006 :",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0676.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA-2006-61 :",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-61.html"
}
],
"reference": "CERTA-2006-AVI-391",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-09-15T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SuSE, Ubuntu, Red Hat, Mandriva et SGI.",
"revision_date": "2006-09-26T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Ubuntu, Red Hat.",
"revision_date": "2006-09-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifies dans les produits Mozilla\nFirefox, Thunderbird et SeaMonkey. L\u0027exploitation de ceux-ci contre un\nsyst\u00e8me vuln\u00e9rable peuvent conduire \u00e0 une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Mises \u00e0 jour Mozilla du 14 septembre 2006",
"url": null
}
]
}
GSD-2006-4569
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2006-4569",
"description": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.",
"id": "GSD-2006-4569",
"references": [
"https://www.suse.com/security/cve/CVE-2006-4569.html",
"https://access.redhat.com/errata/RHSA-2006:0675",
"https://linux.oracle.com/cve/CVE-2006-4569.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2006-4569"
],
"details": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.",
"id": "GSD-2006-4569",
"modified": "2023-12-13T01:19:51.828168Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/advisories/22066",
"refsource": "MISC",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "http://secunia.com/advisories/22210",
"refsource": "MISC",
"url": "http://secunia.com/advisories/22210"
},
{
"name": "http://www.ubuntu.com/usn/usn-354-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "http://www.vupen.com/english/advisories/2006/3748",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "http://www.vupen.com/english/advisories/2008/0083",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "http://secunia.com/advisories/21949",
"refsource": "MISC",
"url": "http://secunia.com/advisories/21949"
},
{
"name": "http://secunia.com/advisories/21950",
"refsource": "MISC",
"url": "http://secunia.com/advisories/21950"
},
{
"name": "http://secunia.com/advisories/22001",
"refsource": "MISC",
"url": "http://secunia.com/advisories/22001"
},
{
"name": "http://secunia.com/advisories/22025",
"refsource": "MISC",
"url": "http://secunia.com/advisories/22025"
},
{
"name": "http://secunia.com/advisories/22056",
"refsource": "MISC",
"url": "http://secunia.com/advisories/22056"
},
{
"name": "http://secunia.com/advisories/22195",
"refsource": "MISC",
"url": "http://secunia.com/advisories/22195"
},
{
"name": "http://secunia.com/advisories/22422",
"refsource": "MISC",
"url": "http://secunia.com/advisories/22422"
},
{
"name": "http://secunia.com/advisories/24711",
"refsource": "MISC",
"url": "http://secunia.com/advisories/24711"
},
{
"name": "http://security.gentoo.org/glsa/glsa-200609-19.xml",
"refsource": "MISC",
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm",
"refsource": "MISC",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"name": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html",
"refsource": "MISC",
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"name": "http://www.redhat.com/support/errata/RHSA-2006-0675.html",
"refsource": "MISC",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"name": "http://www.securityfocus.com/archive/1/446140/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
},
{
"name": "http://www.ubuntu.com/usn/usn-351-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"name": "http://www.vupen.com/english/advisories/2007/1198",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742",
"refsource": "MISC",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "https://issues.rpath.com/browse/RPL-640",
"refsource": "MISC",
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"name": "http://www.securityfocus.com/bid/20042",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/20042"
},
{
"name": "http://securitytracker.com/id?1016849",
"refsource": "MISC",
"url": "http://securitytracker.com/id?1016849"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html",
"refsource": "MISC",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28957",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28957"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4569"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html"
},
{
"name": "21949",
"refsource": "SECUNIA",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21949"
},
{
"name": "RHSA-2006:0675",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
},
{
"name": "20042",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/20042"
},
{
"name": "1016849",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1016849"
},
{
"name": "21950",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21950"
},
{
"name": "22001",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/22001"
},
{
"name": "GLSA-200609-19",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
},
{
"name": "SUSE-SA:2006:054",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
},
{
"name": "USN-351-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-351-1"
},
{
"name": "USN-354-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "22025",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/22025"
},
{
"name": "22210",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/22210"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
},
{
"name": "22422",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/22422"
},
{
"name": "22056",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/22056"
},
{
"name": "22195",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/22195"
},
{
"name": "https://issues.rpath.com/browse/RPL-640",
"refsource": "CONFIRM",
"tags": [],
"url": "https://issues.rpath.com/browse/RPL-640"
},
{
"name": "24711",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/24711"
},
{
"name": "MDKSA-2006:168",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
},
{
"name": "22066",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/22066"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "SSRT061181",
"refsource": "HP",
"tags": [],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
},
{
"name": "ADV-2007-1198",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/1198"
},
{
"name": "firefox-popup-blocker-xss(28957)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28957"
},
{
"name": "oval:org.mitre.oval:def:10650",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650"
},
{
"name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2018-10-17T21:37Z",
"publishedDate": "2006-09-15T19:07Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…