Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2778

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2778
Last Modified 07 Mar 2011 09:37:00
Published 02 Jun 2006 02:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2778

Summary

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

Vulnerable Systems

Application

  • Mozilla Firefox 1.5.0.3

  • Mozilla Thunderbird 1.5.0.3


References

CERT-VN - VU#421529

CERT - TA06-153A

VUPEN - ADV-2008-0083

VUPEN - ADV-2007-0058

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-3748

VUPEN - ADV-2006-2106

HP - SSRT061181

HP - HPSBUX02156

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-38.html

XF - mozilla-crypto-signtext-bo(26849)

UBUNTU - USN-323-1

UBUNTU - USN-297-3

UBUNTU - USN-297-1

UBUNTU - USN-296-2

UBUNTU - USN-296-1

BID - 18228

HP - HPSBUX02153

HP - SSRT061236

BUGTRAQ - 20060602 rPSA-2006-0091-1 firefox thunderbird

REDHAT - RHSA-2006:0611

REDHAT - RHSA-2006:0610

REDHAT - RHSA-2006:0594

REDHAT - RHSA-2006:0578

SUSE - SUSE-SA:2006:035

MANDRIVA - MDKSA-2006:146

MANDRIVA - MDKSA-2006:145

MANDRIVA - MDKSA-2006:143

GENTOO - GLSA-200606-21

GENTOO - GLSA-200606-12

DEBIAN - DSA-1134

DEBIAN - DSA-1120

DEBIAN - DSA-1118

SUNALERT - 102763

SECTRACK - 1016214

SECTRACK - 1016202

SECUNIA - 22066

SECUNIA - 22065

SECUNIA - 21631

SECUNIA - 21607

SECUNIA - 21532

SECUNIA - 21336

SECUNIA - 21324

SECUNIA - 21270

SECUNIA - 21269

SECUNIA - 21210

SECUNIA - 21188

SECUNIA - 21183

SECUNIA - 21178

SECUNIA - 21176

SECUNIA - 21134

SECUNIA - 20709

SECUNIA - 20561

SECUNIA - 20382

SECUNIA - 20376

REDHAT - RHSA-2006:0609


Last Updated: 27 May 2016 10:42:46