GSD-2006-2778
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2006-2778",
"description": "The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.",
"id": "GSD-2006-2778",
"references": [
"https://www.suse.com/security/cve/CVE-2006-2778.html",
"https://www.debian.org/security/2006/dsa-1134",
"https://www.debian.org/security/2006/dsa-1120",
"https://www.debian.org/security/2006/dsa-1118",
"https://access.redhat.com/errata/RHSA-2006:0611",
"https://access.redhat.com/errata/RHSA-2006:0610",
"https://access.redhat.com/errata/RHSA-2006:0609",
"https://access.redhat.com/errata/RHSA-2006:0594",
"https://access.redhat.com/errata/RHSA-2006:0578",
"https://linux.oracle.com/cve/CVE-2006-2778.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2006-2778"
],
"details": "The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.",
"id": "GSD-2006-2778",
"modified": "2023-12-13T01:19:52.680267Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20709"
},
{
"name": "21176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21176"
},
{
"name": "MDKSA-2006:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "USN-297-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/297-3/"
},
{
"name": "USN-296-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/296-1/"
},
{
"name": "USN-323-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/323-1/"
},
{
"name": "20561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20561"
},
{
"name": "TA06-153A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-153A.html"
},
{
"name": "21210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21210"
},
{
"name": "ADV-2007-0058",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0058"
},
{
"name": "RHSA-2006:0594",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name": "21336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21336"
},
{
"name": "20382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20382"
},
{
"name": "1016214",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016214"
},
{
"name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
},
{
"name": "ADV-2006-3749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name": "RHSA-2006:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name": "20376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20376"
},
{
"name": "MDKSA-2006:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name": "RHSA-2006:0609",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name": "21178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21178"
},
{
"name": "1016202",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016202"
},
{
"name": "21607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21607"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html"
},
{
"name": "18228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18228"
},
{
"name": "21532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21532"
},
{
"name": "21270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21270"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "21188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21188"
},
{
"name": "21134",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21134"
},
{
"name": "21631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21631"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "USN-296-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/296-2/"
},
{
"name": "GLSA-200606-21",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
},
{
"name": "DSA-1118",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1118"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "DSA-1120",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1120"
},
{
"name": "RHSA-2006:0611",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name": "mozilla-crypto-signtext-bo(26849)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26849"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "DSA-1134",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1134"
},
{
"name": "GLSA-200606-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
},
{
"name": "21324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21324"
},
{
"name": "21183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21183"
},
{
"name": "102763",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1"
},
{
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "21269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21269"
},
{
"name": "SUSE-SA:2006:035",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
},
{
"name": "USN-297-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/297-1/"
},
{
"name": "RHSA-2006:0578",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
},
{
"name": "ADV-2006-2106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2106"
},
{
"name": "MDKSA-2006:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name": "oval:org.mitre.oval:def:9703",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9703"
},
{
"name": "VU#421529",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/421529"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2778"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html"
},
{
"name": "VU#421529",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/421529"
},
{
"name": "TA06-153A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-153A.html"
},
{
"name": "18228",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/18228"
},
{
"name": "1016202",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1016202"
},
{
"name": "1016214",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1016214"
},
{
"name": "20376",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/20376"
},
{
"name": "20382",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/20382"
},
{
"name": "GLSA-200606-12",
"refsource": "GENTOO",
"tags": [],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml"
},
{
"name": "20561",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/20561"
},
{
"name": "GLSA-200606-21",
"refsource": "GENTOO",
"tags": [],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml"
},
{
"name": "SUSE-SA:2006:035",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
},
{
"name": "20709",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/20709"
},
{
"name": "RHSA-2006:0578",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html"
},
{
"name": "21134",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21134"
},
{
"name": "DSA-1118",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2006/dsa-1118"
},
{
"name": "DSA-1120",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2006/dsa-1120"
},
{
"name": "21183",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21183"
},
{
"name": "21176",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21176"
},
{
"name": "21178",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21178"
},
{
"name": "21188",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21188"
},
{
"name": "21210",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21210"
},
{
"name": "DSA-1134",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2006/dsa-1134"
},
{
"name": "RHSA-2006:0610",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name": "RHSA-2006:0611",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name": "21269",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21269"
},
{
"name": "21270",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21270"
},
{
"name": "RHSA-2006:0609",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name": "21336",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21336"
},
{
"name": "21324",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21324"
},
{
"name": "21532",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21532"
},
{
"name": "21607",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21607"
},
{
"name": "RHSA-2006:0594",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name": "21631",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21631"
},
{
"name": "102763",
"refsource": "SUNALERT",
"tags": [],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1"
},
{
"name": "MDKSA-2006:143",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name": "MDKSA-2006:145",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name": "MDKSA-2006:146",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name": "22065",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/22065"
},
{
"name": "22066",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/22066"
},
{
"name": "ADV-2006-3749",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name": "ADV-2006-2106",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2006/2106"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "ADV-2007-0058",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/0058"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "mozilla-crypto-signtext-bo(26849)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26849"
},
{
"name": "oval:org.mitre.oval:def:9703",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9703"
},
{
"name": "USN-323-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/323-1/"
},
{
"name": "USN-297-3",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/297-3/"
},
{
"name": "USN-297-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/297-1/"
},
{
"name": "USN-296-2",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/296-2/"
},
{
"name": "USN-296-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/296-1/"
},
{
"name": "SSRT061181",
"refsource": "HP",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "SSRT061236",
"refsource": "HP",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-18T16:42Z",
"publishedDate": "2006-06-02T18:02Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…