Vulnerability CVE-2006-1725 - CERT Civis.Net

Vulnerability Name:

CVE-2006-1725 (CCN-25827)

Assigned:

2006-04-13

Published:

2006-04-13

Updated:

2018-10-18

Summary:

Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code.
Fixed in:
Firefox 1.5.0.2
SeaMonkey 1.0.1

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-1725

Source: CCN
Type: SA19631
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
19631

Source: CCN
Type: SA19649
Mozilla SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory, Vendor Advisory
19649

Source: SECUNIA
Type: Third Party Advisory
22066

Source: CCN
Type: ASA-2006-259
HP-UX Firefox Vulnerabilities

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: DEBIAN
Type: DSA-1046
mozilla -- several vulnerabilities

Source: CCN
Type: Mozilla Web site
Firefox - Rediscover the Web

Source: CCN
Type: MFSA 2006-29
Spoofing with translucent windows

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-29.html

Source: CCN
Type: OSVDB ID: 24683
Mozilla Multiple Products XUL Content Window Transparency Arbitrary Code Execution

Source: HP
Type: UNKNOWN
SSRT061181

Source: BID
Type: Third Party Advisory, VDB Entry
17516

Source: CCN
Type: BID-17516
Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2006-1356

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2006-3748

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2008-0083

Source: MISC
Type: Exploit, Issue Tracking, Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=327014

Source: XF
Type: Third Party Advisory, VDB Entry
mozilla-xul-window-spoofing(25827)

Source: XF
Type: UNKNOWN
mozilla-xul-window-spoofing(25827)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:1471

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.5 and < 1.5.0.2)

OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version < 1.0.1)

Configuration CCN 1:

cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1471	V	Mozilla Spoofing with Translucent Windows	2009-11-09