ID

VAR-200611-0368


CVE

CVE-2006-6077


TITLE

Mozilla Firefox Password manager vulnerable to password disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2006-000790

DESCRIPTION

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password. According to Mozilla, there have been reports of phishing cases where this password manager issue was exploited.

Mozilla Firefox is reportedly prone to an information-disclosure weakness because it fails to properly notify users of the automatic population of form fields in disparate URLs deriving from the same domain. Exploiting this issue may allow attackers to obtain user credentials that have been saved in forms deriving from the same website where attack code resides. The most common manifestation of this condition would typically be in blogs or forums. This may allow attackers to access potentially sensitive information that would facilitate the success of phishing attacks. Initial reports and preliminary testing indicate that this issue affects only Firefox 2. UPDATE: Firefox 2.0.0.10 is still vulnerable to the issue. UPDATE (March 17, 2008): Unconfirmed reports indicate that this issue affects Firefox 2.0.0.12; we will update this BID as more information emerges.
----------------------------------------------------------------------
Gentoo Linux Security Advisory                           GLSA 200703-08
----------------------------------------------------------------------
                                            http://security.gentoo.org/
----------------------------------------------------------------------

Severity: Normal
Title: SeaMonkey: Multiple vulnerabilities
Date: March 09, 2007
Bugs: #165555
ID: 200703-08

----------------------------------------------------------------------

Synopsis
========

Multiple vulnerabilities have been reported in SeaMonkey, some of which may allow user-assisted arbitrary remote code execution.

Background
==========

The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'.

Affected packages
=================

-------------------------------------------------------------------
     Package                    /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  www-client/seamonkey          < 1.1.1               >= 1.1.1
  2  www-client/seamonkey-bin      < 1.1.1               >= 1.1.1
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description
===========

Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects SeaMonkey. Various researchers reported some errors in the JavaScript engine potentially leading to memory corruption. SeaMonkey also contains minor vulnerabilities involving cache collision and unsafe pop-up restrictions, filtering or CSS rendering under certain conditions. All those vulnerabilities are the same as in GLSA 200703-04 affecting Mozilla Firefox.

Impact
======

An attacker could entice a user to view a specially crafted web page or to read a specially crafted email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code. It is also possible for an attacker to spoof the address bar, steal information through cache collision, bypass the local file protection mechanism with pop-ups, or perform cross-site scripting attacks, leading to the exposure of sensitive information, such as user credentials.

Workaround
==========

There is no known workaround at this time for all of these issues, but most of them can be avoided by disabling JavaScript. Note that the execution of JavaScript is disabled by default in the SeaMonkey email client, and enabling it is strongly discouraged.

Resolution
==========

Users upgrading to the following release of SeaMonkey should note that the corresponding Mozilla Firefox upgrade has been found to lose the saved passwords file in some cases. The saved passwords are encrypted and stored in the 'signons.txt' file of ~/.mozilla/ and we advise our users to save that file before performing the upgrade.

All SeaMonkey users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.1"

All SeaMonkey binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.1"

References
==========

[ 1 ] CVE-2006-6077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
[ 2 ] CVE-2007-0775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
[ 3 ] CVE-2007-0776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
[ 4 ] CVE-2007-0777 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
[ 5 ] CVE-2007-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
[ 6 ] CVE-2007-0779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
[ 7 ] CVE-2007-0780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
[ 8 ] CVE-2007-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
[ 9 ] CVE-2007-0801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0801
[ 10 ] CVE-2007-0981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
[ 11 ] CVE-2007-0995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
[ 12 ] Mozilla Password Loss Bug https://bugzilla.mozilla.org/show_bug.cgi?id=360493#c366

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200703-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

----------------------------------------------------------------------

TITLE: Netscape Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA24289

VERIFY ADVISORY: http://secunia.com/advisories/24289/

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access

WHERE: From remote

SOFTWARE: Netscape 8.x http://secunia.com/product/5134/

DESCRIPTION: Multiple vulnerabilities have been reported in Netscape, which can be exploited by malicious people to bypass certain security restrictions, gain knowledge of sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system. See vulnerabilities #1, #2, #6, and #7 for more information: SA24205. The vulnerabilities have been reported in version 8.1.2.

SOLUTION: Do not browse untrusted sites and disable Javascript.

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html

OTHER REFERENCES:
SA24175: http://secunia.com/advisories/24175/
SA24205: http://secunia.com/advisories/24205/
----------------------------------------------------------------------

--------------------------------------------------------------------------
Debian Security Advisory DSA 1336-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 22nd, 2007                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : mozilla-firefox
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 CVE-2006-6077

Several remote vulnerabilities have been discovered in Mozilla Firefox.

This will be the last security update of Mozilla-based products for the oldstable (sarge) distribution of Debian. We recommend to upgrade to stable (etch) as soon as possible.

The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2007-1282
    It was discovered that an integer overflow in text/enhanced message parsing allows the execution of arbitrary code.

CVE-2007-0994
    It was discovered that a regression in the Javascript engine allows the execution of Javascript with elevated privileges.

CVE-2007-0995
    It was discovered that incorrect parsing of invalid HTML characters allows the bypass of content filters.

CVE-2007-0996
    It was discovered that insecure child frame handling allows cross-site scripting.

CVE-2007-0981
    It was discovered that Firefox handles URIs with a null byte in the hostname insecurely.

CVE-2007-0008
    It was discovered that a buffer overflow in the NSS code allows the execution of arbitrary code.

CVE-2007-0009
    It was discovered that a buffer overflow in the NSS code allows the execution of arbitrary code.

CVE-2007-0775
    It was discovered that multiple programming errors in the layout engine allow the execution of arbitrary code.

CVE-2007-0778
    It was discovered that the page cache calculates hashes in an insecure manner.

CVE-2006-6077
    It was discovered that the password manager allows the disclosure of passwords.

For the oldstable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge17. You should upgrade to etch as soon as possible.

The stable distribution (etch) isn't affected. These vulnerabilities have been fixed prior to the release of Debian etch.

The unstable distribution (sid) no longer contains mozilla-firefox. Iceweasel is already fixed.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the oldstable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

----------------------------------------------------------------------
Update: A regression was found in the latest Firefox packages provided where changes to library paths caused applications that depended on the NSS libraries (such as Thunderbird and Evolution) to fail to start or fail to load certain SSL-related security components. These new packages correct that problem and we apologize for any inconvenience the previous update may have caused.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1092
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.mozilla.org/security/announce/2007/mfsa2007-07.html
http://www.mozilla.org/security/announce/2007/mfsa2007-08.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0
Mandriva Linux 2007.0/X86_64
Corporate 3.0
Corporate 3.0/X86_64
Corporate 4.0
Corporate 4.0/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Trust: 2.52

sources: NVD: CVE-2006-6077 // JVNDB: JVNDB-2006-000790 // BID: 21240 // VULHUB: VHN-22185 // PACKETSTORM: 55035 // PACKETSTORM: 54701 // PACKETSTORM: 54814 // PACKETSTORM: 57941 // PACKETSTORM: 54914 // PACKETSTORM: 54837

AFFECTED PRODUCTS

vendor:netscapemodel:navigatorscope:eqversion:8.1.2

Trust: 1.6

vendor:mozillamodel:firefoxscope:eqversion:1.5.0.1

Trust: 1.3

vendor:mozillamodel:firefoxscope:eqversion:1.5.0.4

Trust: 1.3

vendor:mozillamodel:firefoxscope:eqversion:1.5.0.6

Trust: 1.3

vendor:mozillamodel:firefoxscope:eqversion:1.5.0.3

Trust: 1.3

vendor:mozillamodel:firefoxscope:eqversion:1.5

Trust: 1.3

vendor:mozillamodel:firefoxscope:eqversion:2.0

Trust: 1.3

vendor:mozillamodel:firefoxscope:eqversion:1.5.0.5

Trust: 1.3

vendor:mozillamodel:firefoxscope:eqversion:1.5.0.2

Trust: 1.3

vendor:mozillamodel:firefoxscope:eqversion:1.5.0.7

Trust: 1.3

vendor:mozillamodel:firefoxscope:lteversion:1.5.0.8

Trust: 1.0

vendor:mozillamodel:firefoxscope:lteversion:1.5.0.9

Trust: 0.8

vendor:mozillamodel:firefoxscope:lteversion:2.0.0.1

Trust: 0.8

vendor:mozillamodel:seamonkeyscope:lteversion:1.0.7

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.1

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinuxscope:eqversion:10_f

Trust: 0.8

vendor:turbo linuxmodel:turbolinux desktopscope:eqversion:10

Trust: 0.8

vendor:turbo linuxmodel:turbolinux multimediascope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux personalscope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 (x64)

Trust: 0.8

vendor:turbo linuxmodel:homescope: - version: -

Trust: 0.8

vendor:netscapemodel:netscapescope:eqversion:8.1.2 ( other may also be affected. )

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:3.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:linux advanced workstationscope:eqversion:2.1

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:red hatmodel:rhel optional productivity applicationsscope:eqversion:5 (server)

Trust: 0.8

vendor: mozilla // model: seamonkey // scope: eq // version: 1.0.5

Trust: 0.3

vendor: mandriva // model: linux mandrake x86 64 // scope: eq // version: 2007.0

Trust: 0.3

vendor: debian // model: linux ppc // scope: eq // version: 3.1

Trust: 0.3

vendor: hp // model: hp-ux b.11.23 // scope: - // version: -

Trust: 0.3

vendor: redhat // model: enterprise linux ws // scope: eq // version: 2.1

Trust: 0.3

vendor: mozilla // model: firefox // scope: eq // version: 1.5.0.9

Trust: 0.3

vendor: mozilla // model: camino // scope: eq // version: 0.7.0

Trust: 0.3

vendor: ubuntu // model: linux amd64 // scope: eq // version: 5.10

Trust: 0.3

vendor: mozilla // model: camino // scope: eq // version: 1.5

Trust: 0.3

vendor: mozilla // model: seamonkey // scope: eq // version: 1.0.2

Trust: 0.3

vendor: ubuntu // model: linux sparc // scope: eq // version: 5.10

Trust: 0.3

vendor: turbolinux // model: server // scope: eq // version: 10.0x86

Trust: 0.3

vendor: rpath // model: linux // scope: eq // version: 1

Trust: 0.3

vendor: mandrakesoft // model: corporate server x86 64 // scope: eq // version: 4.0

Trust: 0.3

vendor: mozilla // model: seamonkey // scope: eq // version: 1.0

Trust: 0.3

vendor: ubuntu // model: linux powerpc // scope: eq // version: 5.10

Trust: 0.3

vendor: suse // model: linux // scope: eq // version: 10.1x86

Trust: 0.3

vendor: mozilla // model: firefox // scope: eq // version: 1.5.8

Trust: 0.3

vendor: ubuntu // model: linux i386 // scope: eq // version: 5.10

Trust: 0.3

vendor: ubuntu // model: linux i386 // scope: eq // version: 6.10

Trust: 0.3

vendor: turbolinux // model: personal // scope: - // version: -

Trust: 0.3

vendor: redhat // model: enterprise linux es // scope: eq // version: 4

Trust: 0.3

vendor: redhat // model: enterprise linux es // scope: eq // version: 3

Trust: 0.3

vendor: s u s e // model: novell linux desktop // scope: eq // version: 9

Trust: 0.3

vendor: s u s e // model: unitedlinux // scope: eq // version: 1.0

Trust: 0.3

vendor: debian // model: linux m68k // scope: eq // version: 3.1

Trust: 0.3

vendor: redhat // model: advanced workstation for the itanium processor // scope: eq // version: 2.1

Trust: 0.3

vendor: turbolinux // model: fuji // scope: - // version: -

Trust: 0.3

vendor: mozilla // model: camino // scope: eq // version: 1.0.1

Trust: 0.3

vendor: debian // model: linux ia-64 // scope: eq // version: 3.1

Trust: 0.3

vendor: redhat // model: enterprise linux desktop client // scope: eq // version: 5

Trust: 0.3

vendor: debian // model: linux sparc // scope: eq // version: 3.1

Trust: 0.3

vendor: redhat // model: enterprise linux ws ia64 // scope: eq // version: 2.1

Trust: 0.3

vendor: slackware // model: linux // scope: eq // version: 11.0

Trust: 0.3

vendor: debian // model: linux hppa // scope: eq // version: 3.1

Trust: 0.3

vendor: avaya // model: messaging storage server mm3.0 // scope: - // version: -

Trust: 0.3

vendor: avaya // model: messaging storage server // scope: - // version: -

Trust: 0.3

vendor: mozilla // model: firefox // scope: eq // version: 1.5.6

Trust: 0.3

vendor: mozilla // model: firefox beta // scope: eq // version: 1.52

Trust: 0.3

vendor: mozilla // model: seamonkey // scope: ne // version: 1.0.8

Trust: 0.3

vendor: avaya // model: messaging storage server // scope: eq // version: 2.0

Trust: 0.3

vendor: ubuntu // model: linux amd64 // scope: eq // version: 6.10

Trust: 0.3

vendor: ubuntu // model: linux sparc // scope: eq // version: 6.10

Trust: 0.3

vendor: mozilla // model: camino // scope: eq // version: 1.0.2

Trust: 0.3

vendor: ubuntu // model: linux powerpc // scope: eq // version: 6.10

Trust: 0.3

vendor: redhat // model: enterprise linux es // scope: eq // version: 2.1

Trust: 0.3

vendor: mozilla // model: camino // scope: eq // version: 1.0

Trust: 0.3

vendor: mozilla // model: camino // scope: eq // version: 0.8

Trust: 0.3

vendor: debian // model: linux // scope: eq // version: 3.1

Trust: 0.3

vendor: redhat // model: desktop // scope: eq // version: 4.0

Trust: 0.3

vendor: mozilla // model: seamonkey // scope: eq // version: 1.0.6

Trust: 0.3

vendor: turbolinux // model: home // scope: - // version: -

Trust: 0.3

vendor: mozilla // model: seamonkey // scope: eq // version: 1.0.7

Trust: 0.3

vendor: mandriva // model: linux mandrake // scope: eq // version: 2007.0

Trust: 0.3

vendor: suse // model: linux enterprise server // scope: eq // version: 8

Trust: 0.3

vendor: s u s e // model: suse linux retail solution // scope: eq // version: 8.0

Trust: 0.3

vendor: mandrakesoft // model: corporate server x86 64 // scope: eq // version: 3.0

Trust: 0.3

vendor: redhat // model: enterprise linux optional productivity application server // scope: eq // version: 5

Trust: 0.3

vendor: mozilla // model: thunderbird // scope: eq // version: 1.5.0.8

Trust: 0.3

vendor: mandrakesoft // model: corporate server // scope: eq // version: 4.0

Trust: 0.3

vendor: mozilla // model: firefox beta // scope: eq // version: 2.01

Trust: 0.3

vendor: redhat // model: advanced workstation for the itanium processor ia64 // scope: eq // version: 2.1

Trust: 0.3

vendor: suse // model: linux // scope: eq // version: 10.0x86

Trust: 0.3

vendor: mozilla // model: firefox // scope: eq // version: 2.0.0.10

Trust: 0.3

vendor: redhat // model: fedora core5 // scope: - // version: -

Trust: 0.3

vendor: mozilla // model: camino // scope: eq // version: 0.8.4

Trust: 0.3

vendor: mozilla // model: seamonkey // scope: eq // version: 1.0.3

Trust: 0.3

vendor: gentoo // model: linux // scope: - // version: -

Trust: 0.3

vendor: mozilla // model: firefox // scope: ne // version: 2.0.0.2

Trust: 0.3

vendor: mozilla // model: firefox rc3 // scope: eq // version: 2.0

Trust: 0.3

vendor: mozilla // model: firefox beta // scope: eq // version: 1.51

Trust: 0.3

vendor: debian // model: linux alpha // scope: eq // version: 3.1

Trust: 0.3

vendor: mozilla // model: firefox rc2 // scope: eq // version: 2.0

Trust: 0.3

vendor: mozilla // model: firefox // scope: eq // version: 2.0.1

Trust: 0.3

vendor: turbolinux // model: desktop // scope: eq // version: 10.0

Trust: 0.3

vendor: turbolinux // model: server // scope: eq // version: 10.0

Trust: 0.3

vendor: redhat // model: enterprise linux server // scope: eq // version: 5

Trust: 0.3

vendor: turbolinux // model: f... // scope: eq // version: 10

Trust: 0.3

vendor: redhat // model: enterprise linux as ia64 // scope: eq // version: 2.1

Trust: 0.3

vendor: suse // model: linux // scope: eq // version: 9.3x86

Trust: 0.3

vendor: s u s e // model: novell linux pos // scope: eq // version: 9

Trust: 0.3

vendor: mozilla // model: camino // scope: eq // version: 0.8.3

Trust: 0.3

vendor: mozilla // model: firefox // scope: ne // version: 1.5.0.10

Trust: 0.3

vendor: s u s e // model: open-enterprise-server // scope: eq // version: 0

Trust: 0.3

vendor: redhat // model: enterprise linux as // scope: eq // version: 3

Trust: 0.3

vendor: redhat // model: fedora core6 // scope: - // version: -

Trust: 0.3

vendor: redhat // model: enterprise linux as // scope: eq // version: 4

Trust: 0.3

vendor: hp // model: hp-ux b.11.11 // scope: - // version: -

Trust: 0.3

vendor: mozilla // model: firefox // scope: eq // version: 1.0.4

Trust: 0.3

vendor: debian // model: linux amd64 // scope: eq // version: 3.1

Trust: 0.3

vendor: sgi // model: propack sp6 // scope: eq // version: 3.0

Trust: 0.3

vendor: s u s e // model: suse linux school server for i386 // scope: - // version: -

Trust: 0.3

vendor: s u s e // model: opensuse // scope: eq // version: 10.2

Trust: 0.3

vendor: redhat // model: enterprise linux ws // scope: eq // version: 4

Trust: 0.3

vendor: redhat // model: enterprise linux ws // scope: eq // version: 3

Trust: 0.3

vendor: mozilla // model: seamonkey dev // scope: eq // version: 1.0

Trust: 0.3

vendor: redhat // model: desktop // scope: eq // version: 3.0

Trust: 0.3

vendor: mozilla // model: firefox // scope: eq // version: 2.0.0.12

Trust: 0.3

vendor: redhat // model: enterprise linux desktop workstation client // scope: eq // version: 5

Trust: 0.3

vendor: debian // model: linux ia-32 // scope: eq // version: 3.1

Trust: 0.3

vendor: mozilla // model: camino // scope: eq // version: 1.0.3

Trust: 0.3

vendor: debian // model: linux mipsel // scope: eq // version: 3.1

Trust: 0.3

vendor: debian // model: linux mips // scope: eq // version: 3.1

Trust: 0.3

vendor: mandrakesoft // model: corporate server // scope: eq // version: 3.0

Trust: 0.3

vendor: s u s e // model: suse linux openexchange server // scope: eq // version: 4.0

Trust: 0.3

vendor: avaya // model: messaging storage server // scope: eq // version: 1.0

Trust: 0.3

vendor: mozilla // model: seamonkey // scope: eq // version: 1.0.1

Trust: 0.3

vendor: mozilla // model: firefox // scope: eq // version: 1.5.0.8

Trust: 0.3

vendor: turbolinux // model: server // scope: eq // version: 10.0.0x64

Trust: 0.3

vendor: suse // model: linux enterprise server // scope: eq // version: 9

Trust: 0.3

vendor: netscape // model: browser // scope: eq // version: 8.1.2

Trust: 0.3

vendor: debian // model: linux arm // scope: eq // version: 3.1

Trust: 0.3

vendor: redhat // model: enterprise linux es ia64 // scope: eq // version: 2.1

Trust: 0.3

vendor: mozilla // model: camino // scope: ne // version: 1.5.1

Trust: 0.3

vendor: redhat // model: enterprise linux as // scope: eq // version: 2.1

Trust: 0.3

vendor: debian // model: linux s/390 // scope: eq // version: 3.1

Trust: 0.3

vendor: turbolinux // model: multimedia // scope: - // version: -

Trust: 0.3

sources: BID: 21240 // JVNDB: JVNDB-2006-000790 // CNNVD: CNNVD-200611-402 // NVD: CVE-2006-6077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6077
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-6077
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200611-402
value: MEDIUM

Trust: 0.6

VULHUB: VHN-22185
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-6077
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-22185
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22185 // JVNDB: JVNDB-2006-000790 // CNNVD: CNNVD-200611-402 // NVD: CVE-2006-6077

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6077

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 57941 // CNNVD: CNNVD-200611-402

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200611-402

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000790

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-22185

PATCH

title: HPSBUX02153 // url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00771742

Trust: 0.8

title: HPSBUX02153 // url: http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02153.html

Trust: 0.8

title: seamonkey (V2.x) // url: http://www.miraclelinux.com/support/update/list.php?errata_id=984

Trust: 0.8

title: firefox (V4.0) // url: http://www.miraclelinux.com/support/update/list.php?errata_id=946

Trust: 0.8

title: mfsa2007-02 // url: http://www.mozilla.org/security/announce/2007/mfsa2007-02.html

Trust: 0.8

title: mfsa2007-02 // url: http://www.mozilla-japan.org/security/announce/2007/mfsa2007-02.html

Trust: 0.8

title: Top Page // url: http://browser.netscape.com/

Trust: 0.8

title: RHSA-2007:0077 // url: https://rhn.redhat.com/errata/RHSA-2007-0077.html

Trust: 0.8

title: RHSA-2007:0078 // url: https://rhn.redhat.com/errata/RHSA-2007-0078.html

Trust: 0.8

title: RHSA-2007:0079 // url: https://rhn.redhat.com/errata/RHSA-2007-0079.html

Trust: 0.8

title: RHSA-2007:0097 // url: https://rhn.redhat.com/errata/RHSA-2007-0097.html

Trust: 0.8

title: RHSA-2007:0108 // url: https://rhn.redhat.com/errata/RHSA-2007-0108.html

Trust: 0.8

title: TLSA-2007-13 // url: http://www.turbolinux.com/security/2007/TLSA-2007-13.txt

Trust: 0.8

title: RHSA-2007:0079 // url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0079J.html

Trust: 0.8

title: RHSA-2007:0097 // url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0097J.html

Trust: 0.8

title: RHSA-2007:0108 // url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0108J.html

Trust: 0.8

title: RHSA-2007:0077 // url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0077J.html

Trust: 0.8

title: RHSA-2007:0078 // url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0078J.html

Trust: 0.8

title: TLSA-2007-13 // url: http://www.turbolinux.co.jp/security/2007/TLSA-2007-13j.txt

Trust: 0.8

sources: JVNDB: JVNDB-2006-000790

EXTERNAL IDS

db: NVD // id: CVE-2006-6077

Trust: 3.3

db: BID // id: 21240

Trust: 2.8

db: SECUNIA // id: 23046

Trust: 2.5

db: SECTRACK // id: 1017271

Trust: 2.5

db: SECUNIA // id: 23108

Trust: 1.9

db: SECUNIA // id: 24238

Trust: 1.9

db: SECUNIA // id: 24205

Trust: 1.9

db: SECUNIA // id: 24395

Trust: 1.7

db: SECUNIA // id: 24437

Trust: 1.7

db: SECUNIA // id: 24457

Trust: 1.7

db: SECUNIA // id: 24650

Trust: 1.7

db: SECUNIA // id: 25588

Trust: 1.7

db: SECUNIA // id: 24393

Trust: 1.7

db: BID // id: 22694

Trust: 1.7

db: VUPEN // id: ADV-2006-4662

Trust: 1.7

db: VUPEN // id: ADV-2007-0718

Trust: 1.7

db: XF // id: 30470

Trust: 1.4

db: SECUNIA // id: 24328

Trust: 1.1

db: SECUNIA // id: 24320

Trust: 1.1

db: SECUNIA // id: 24342

Trust: 1.1

db: SECUNIA // id: 24293

Trust: 1.1

db: SECUNIA // id: 24290

Trust: 1.1

db: SECUNIA // id: 24343

Trust: 1.1

db: SECUNIA // id: 24384

Trust: 1.1

db: SECUNIA // id: 24333

Trust: 1.1

db: SECUNIA // id: 24287

Trust: 1.1

db: JVNDB // id: JVNDB-2006-000790

Trust: 0.8

db: CNNVD // id: CNNVD-200611-402

Trust: 0.7

db: UBUNTU // id: USN-428-1

Trust: 0.6

db: REDHAT // id: RHSA-2007:0078

Trust: 0.6

db: REDHAT // id: RHSA-2007:0079

Trust: 0.6

db: REDHAT // id: RHSA-2007:0097

Trust: 0.6

db: REDHAT // id: RHSA-2007:0108

Trust: 0.6

db: MANDRIVA // id: MDKSA-2007:050

Trust: 0.6

db: BUGTRAQ // id: 20061123 PASSWORD FLAW ALSO IN FIREFOX 1.5.08. WAS: BIG FLAW IN FIREFOX 2: PASSWORD MANAGER BUG EXPOSES PASSWORDS

Trust: 0.6

db: BUGTRAQ // id: 20061221 RE: CRITICAL FLAW IN FIREFOX 2.0.0.1 ALLOWS TO STEAL THE USER PASSWORDS WITH A VIDEOCLIP

Trust: 0.6

db: BUGTRAQ // id: 20061220 CRITICAL FLAW IN FIREFOX 2.0.0.1 ALLOWS TO STEAL THE USER PASSWORDS WITH A VIDEOCLIP

Trust: 0.6

db: BUGTRAQ // id: 20061222 RE[2]: CRITICAL FLAW IN FIREFOX 2.0.0.1 ALLOWS TO STEAL THE USER PASSWORDS WITH A VIDEOCLIP

Trust: 0.6

db: BUGTRAQ // id: 20061122 BIG FLAW IN FIREFOX 2: PASSWORD MANAGER BUG EXPOSES PASSWORDS

Trust: 0.6

db: BUGTRAQ // id: 20070303 RPSA-2007-0040-3 FIREFOX THUNDERBIRD

Trust: 0.6

db: BUGTRAQ // id: 20070226 RPSA-2007-0040-1 FIREFOX

Trust: 0.6

db: BUGTRAQ // id: 20061123 RE: PASSWORD FLAW ALSO IN FIREFOX 1.5.08. WAS: BIG FLAW IN FIREFOX 2: PASSWORD MANAGER BUG EXPOSES PASSWORDS

Trust: 0.6

db: BUGTRAQ // id: 20061123 RE: BIG FLAW IN FIREFOX 2: PASSWORD MANAGER BUG EXPOSES PASSWORDS

Trust: 0.6

db: SUSE // id: SUSE-SA:2007:022

Trust: 0.6

db: GENTOO // id: GLSA-200703-04

Trust: 0.6

db: GENTOO // id: GLSA-200703-08

Trust: 0.6

db: SLACKWARE // id: SSA:2007-066-05

Trust: 0.6

db: DEBIAN // id: DSA-1336

Trust: 0.6

db: PACKETSTORM // id: 55035

Trust: 0.2

db: PACKETSTORM // id: 54914

Trust: 0.2

db: PACKETSTORM // id: 54814

Trust: 0.2

db: PACKETSTORM // id: 54837

Trust: 0.2

db: PACKETSTORM // id: 54812

Trust: 0.1

db: VULHUB // id: VHN-22185

Trust: 0.1

db: SECUNIA // id: 24289

Trust: 0.1

db: PACKETSTORM // id: 54701

Trust: 0.1

db: PACKETSTORM // id: 57941

Trust: 0.1

sources: VULHUB: VHN-22185 // BID: 21240 // JVNDB: JVNDB-2006-000790 // PACKETSTORM: 55035 // PACKETSTORM: 54701 // PACKETSTORM: 54814 // PACKETSTORM: 57941 // PACKETSTORM: 54914 // PACKETSTORM: 54837 // CNNVD: CNNVD-200611-402 // NVD: CVE-2006-6077

REFERENCES

url:http://www.securityfocus.com/bid/21240

Trust: 2.5

url:http://securitytracker.com/id?1017271

Trust: 2.5

url:http://www.mozilla.org/security/announce/2007/mfsa2007-02.html

Trust: 2.3

url:https://bugzilla.mozilla.org/show_bug.cgi?id=360493

Trust: 2.0

url:http://www.info-svc.com/news/11-21-2006/

Trust: 2.0

url:http://security.gentoo.org/glsa/glsa-200703-04.xml

Trust: 1.8

url:http://www.securityfocus.com/bid/22694

Trust: 1.7

url:https://issues.rpath.com/browse/rpl-1081

Trust: 1.7

url:https://issues.rpath.com/browse/rpl-1103

Trust: 1.7

url:http://www.debian.org/security/2007/dsa-1336

Trust: 1.7

url:http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdksa-2007:050

Trust: 1.7

url:http://www.info-svc.com/news/11-21-2006/rcsr1/

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2007-0077.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2007-0078.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2007-0079.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2007-0097.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2007-0108.html

Trust: 1.7

url:http://secunia.com/advisories/23046

Trust: 1.7

url:http://secunia.com/advisories/24395

Trust: 1.7

url:http://secunia.com/advisories/24437

Trust: 1.7

url:http://secunia.com/advisories/24457

Trust: 1.7

url:http://secunia.com/advisories/24650

Trust: 1.7

url:http://secunia.com/advisories/25588

Trust: 1.7

url:http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-428-1

Trust: 1.7

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2006/4662

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/30470

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6077

Trust: 1.2

url:http://www.securityfocus.com/archive/1/452382/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/452431/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/452440/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/452463/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/454982/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/455073/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/455148/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/461336/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/461809/100/0/threaded

Trust: 1.1

url:http://fedoranews.org/cms/node/2713

Trust: 1.1

url:http://fedoranews.org/cms/node/2728

Trust: 1.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c00771742

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10031

Trust: 1.1

url:http://secunia.com/advisories/23108

Trust: 1.1

url:http://secunia.com/advisories/24205

Trust: 1.1

url:http://secunia.com/advisories/24238

Trust: 1.1

url:http://secunia.com/advisories/24287

Trust: 1.1

url:http://secunia.com/advisories/24290

Trust: 1.1

url:http://secunia.com/advisories/24293

Trust: 1.1

url:http://secunia.com/advisories/24320

Trust: 1.1

url:http://secunia.com/advisories/24328

Trust: 1.1

url:http://secunia.com/advisories/24333

Trust: 1.1

url:http://secunia.com/advisories/24342

Trust: 1.1

url:http://secunia.com/advisories/24343

Trust: 1.1

url:http://secunia.com/advisories/24384

Trust: 1.1

url:http://secunia.com/advisories/24393

Trust: 1.1

url:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-p.asc

Trust: 1.1

url:ftp://patches.sgi.com/support/free/security/advisories/20070301-01-p.asc

Trust: 1.1

url:http://lists.suse.com/archive/suse-security-announce/2007-mar/0001.html

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/4662

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/0718

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/30470

Trust: 1.1

url:http://secunia.com/advisories/24205/

Trust: 0.9

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-6077

Trust: 0.8

url:http://secunia.com/advisories/24238/

Trust: 0.8

url:http://secunia.com/advisories/23046/

Trust: 0.8

url:http://secunia.com/advisories/23108/

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/452463/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/452440/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/452431/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/452382/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/455148/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/455073/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/454982/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/0718

Trust: 0.6

url:http://secunia.com

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2007-0775

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2007-0981

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2007-0778

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2006-6077

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2007-0995

Trust: 0.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0780

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2007-0800

Trust: 0.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0777

Trust: 0.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0775

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2007-0779

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2007-0780

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2007-0777

Trust: 0.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0995

Trust: 0.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0778

Trust: 0.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0779

Trust: 0.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0800

Trust: 0.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0981

Trust: 0.4

url:http://www.caminobrowser.org/releases/1.5.1/

Trust: 0.3

url:http://www.securitypronews.com/news/securitynews/spn-45-20061121firefoxopentonewxssflaw.html

Trust: 0.3

url:http://news.netcraft.com/archives/2006/10/27/myspace_accounts_compromised_by_phishers.html

Trust: 0.3

url:/archive/1/452382

Trust: 0.3

url:/archive/1/454982

Trust: 0.3

url:/archive/1/452463

Trust: 0.3

url:http://support.avaya.com/elmodocs2/security/asa-2007-114.htm

Trust: 0.3

url:http://www2.itrc.hp.com/service/cki/docdisplay.do?admit=-1335382922+1188588104897+28353475&docid=c00771742

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2007-0078.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2007-0079.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2007-0097.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2007-0108.html

Trust: 0.3

url:http://www.mozilla.org/security/announce/2007/mfsa2007-03.html

Trust: 0.3

url:http://www.mozilla.org/security/announce/2007/mfsa2007-06.html

Trust: 0.3

url:http://www.mozilla.org/security/announce/2007/mfsa2007-07.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-0008

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-0009

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-0996

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0776

Trust: 0.2

url:https://bugzilla.mozilla.org/show_bug.cgi?id=360493#c366

Trust: 0.2

url:http://bugs.gentoo.org.

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-0776

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0801

Trust: 0.2

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.2

url:http://security.gentoo.org/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-0801

Trust: 0.2

url:http://www.mozilla.org/security/announce/2007/mfsa2007-01.html

Trust: 0.2

url:http://www.mozilla.org/security/announce/2007/mfsa2007-04.html

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1092

Trust: 0.2

url:http://www.mozilla.org/security/announce/2007/mfsa2007-05.html

Trust: 0.2

url:http://www.mandriva.com/security/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0009

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-1092

Trust: 0.2

url:http://www.mandriva.com/security/advisories

Trust: 0.2

url:http://www.mozilla.org/security/announce/2007/mfsa2007-08.html

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0008

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0996

Trust: 0.2

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-200703-08.xml

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/software_inspector/

Trust: 0.1

url:http://secunia.com/advisories/24289/

Trust: 0.1

url:http://secunia.com/advisories/24175/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/5134/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_arm.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-1282

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mipsel.deb

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_m68k.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_m68k.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-0994

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mips.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-0045

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_s390.deb

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_m68k.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_i386.deb

Trust: 0.1

url:http://packages.debian.org/<pkg>

Trust: 0.1

url:http://security.debian.org/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_s390.deb

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_hppa.deb

Trust: 0.1

sources: VULHUB: VHN-22185 // BID: 21240 // JVNDB: JVNDB-2006-000790 // PACKETSTORM: 55035 // PACKETSTORM: 54701 // PACKETSTORM: 54814 // PACKETSTORM: 57941 // PACKETSTORM: 54914 // PACKETSTORM: 54837 // CNNVD: CNNVD-200611-402 // NVD: CVE-2006-6077

CREDITS

Robert Chapin discovered this weakness.

Trust: 0.9

sources: BID: 21240 // CNNVD: CNNVD-200611-402

SOURCES

db: VULHUB // id: VHN-22185
db: BID // id: 21240
db: JVNDB // id: JVNDB-2006-000790
db: PACKETSTORM // id: 55035
db: PACKETSTORM // id: 54701
db: PACKETSTORM // id: 54814
db: PACKETSTORM // id: 57941
db: PACKETSTORM // id: 54914
db: PACKETSTORM // id: 54837
db: CNNVD // id: CNNVD-200611-402
db: NVD // id: CVE-2006-6077

LAST UPDATE DATE

2024-11-22T21:18:21.379000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-22185 // date: 2018-10-17T00:00:00
db: BID // id: 21240 // date: 2008-03-17T18:00:00
db: JVNDB // id: JVNDB-2006-000790 // date: 2007-08-01T00:00:00
db: CNNVD // id: CNNVD-200611-402 // date: 2006-11-27T00:00:00
db: NVD // id: CVE-2006-6077 // date: 2018-10-17T21:46:26.407

SOURCES RELEASE DATE

db: VULHUB // id: VHN-22185 // date: 2006-11-24T00:00:00
db: BID // id: 21240 // date: 2006-11-21T00:00:00
db: JVNDB // id: JVNDB-2006-000790 // date: 2007-04-01T00:00:00
db: PACKETSTORM // id: 55035 // date: 2007-03-14T00:19:53
db: PACKETSTORM // id: 54701 // date: 2007-02-27T16:54:22
db: PACKETSTORM // id: 54814 // date: 2007-03-06T04:36:13
db: PACKETSTORM // id: 57941 // date: 2007-07-23T04:37:49
db: PACKETSTORM // id: 54914 // date: 2007-03-08T22:28:15
db: PACKETSTORM // id: 54837 // date: 2007-03-06T06:26:26
db: CNNVD // id: CNNVD-200611-402 // date: 2006-11-24T00:00:00
db: NVD // id: CVE-2006-6077 // date: 2006-11-24T17:07:00