Vulnerability Name:

CVE-2006-1728 (CCN-25812)

Assigned:2006-04-14
Published:2006-04-14
Updated:2018-10-18
Summary:Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: SCO
Type: Broken Link
SCOSA-2006.26

Source: SGI
Type: Broken Link
20060404-01-U

Source: MITRE
Type: CNA
CVE-2006-1728

Source: SUSE
Type: Broken Link
SUSE-SA:2006:021

Source: CCN
Type: RHSA-2006-0328
firefox security update

Source: CCN
Type: RHSA-2006-0329
mozilla security update

Source: CCN
Type: RHSA-2006-0330
thunderbird security update

Source: CCN
Type: SA19631
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
19631

Source: CCN
Type: SA19649
Mozilla SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
19649

Source: SECUNIA
Type: Third Party Advisory
19696

Source: SECUNIA
Type: Third Party Advisory
19714

Source: SECUNIA
Type: Third Party Advisory
19721

Source: SECUNIA
Type: Third Party Advisory
19729

Source: SECUNIA
Type: Third Party Advisory
19746

Source: SECUNIA
Type: Third Party Advisory
19759

Source: SECUNIA
Type: Third Party Advisory
19780

Source: SECUNIA
Type: Third Party Advisory
19794

Source: SECUNIA
Type: Third Party Advisory
19811

Source: SECUNIA
Type: Third Party Advisory
19821

Source: SECUNIA
Type: Third Party Advisory
19823

Source: SECUNIA
Type: Third Party Advisory
19852

Source: SECUNIA
Type: Third Party Advisory
19862

Source: SECUNIA
Type: Third Party Advisory
19863

Source: SECUNIA
Type: Third Party Advisory
19902

Source: SECUNIA
Type: Third Party Advisory
19941

Source: SECUNIA
Type: Third Party Advisory
19950

Source: SECUNIA
Type: Third Party Advisory
20051

Source: SECUNIA
Type: Third Party Advisory
21033

Source: SECUNIA
Type: Third Party Advisory
21622

Source: SECUNIA
Type: Third Party Advisory
22065

Source: SECUNIA
Type: Third Party Advisory
22066

Source: CCN
Type: SECTRACK ID: 1015922
Mozilla Browser Suite crypto.generateCRMFRequest Method Lets Remote Users Install and Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1015922

Source: CCN
Type: SECTRACK ID: 1015923
Mozilla Seamonkey crypto.generateCRMFRequest Method Lets Remote Users Install and Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1015923

Source: CCN
Type: SECTRACK ID: 1015924
Mozilla Thunderbird crypto.generateCRMFRequest Method Lets Remote Users Install and Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1015924

Source: CCN
Type: SECTRACK ID: 1015925
Mozilla Firefox crypto.generateCRMFRequest Method Lets Remote Users Install and Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1015925

Source: CCN
Type: Sun Alert ID: 102550
Multiple Security Vulnerabilites in Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux

Source: SUNALERT
Type: Broken Link
102550

Source: SUNALERT
Type: Broken Link
102763

Source: CCN
Type: Sun Alert ID: 200630
Multiple Security Vulnerabilites in Mozilla 1.7 for Solaris 8, 9, and 10

Source: CCN
Type: ASA-2006-085
Mozilla Firefox and Thunderbird security update (RHSA-2006-0328 RHSA-2006-0329 RHSA-2006-330)

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Source: CCN
Type: ASA-2006-259
HP-UX Firefox Vulnerabilities

Source: CCN
Type: ASA-2007-026
Multiple Security Vulnerabilities in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 102763)

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: CCN
Type: ASA-2007-135
HP-UX Running Thunderbird Remote Unauthorized Access or Elevation of Privileges or Denial of Service (HPSBUX02156)

Source: DEBIAN
Type: Third Party Advisory
DSA-1044

Source: DEBIAN
Type: Third Party Advisory
DSA-1046

Source: DEBIAN
Type: Third Party Advisory
DSA-1051

Source: DEBIAN
Type: DSA-1044
mozilla-firefox -- several vulnerabilities

Source: DEBIAN
Type: DSA-1046
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1051
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200604-12
Mozilla Firefox: Multiple vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-200604-12

Source: CCN
Type: GLSA-200604-18
Mozilla Suite: Multiple vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-200604-18

Source: CCN
Type: GLSA-200605-09
Mozilla Thunderbird: Multiple vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-200605-09

Source: CCN
Type: US-CERT VU#932734
Mozilla crypto.generateCRMFRequest() vulnerability

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#932734

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2006:075

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2006:076

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2006:078

Source: CCN
Type: Mozilla Web site
Firefox - Rediscover the Web

Source: CCN
Type: MFSA 2006-24
Privilege escalation using crypto.generateCRMFRequest

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html

Source: SUSE
Type: Broken Link
SUSE-SA:2006:022

Source: FEDORA
Type: Third Party Advisory
FEDORA-2006-410

Source: FEDORA
Type: Third Party Advisory
FEDORA-2006-411

Source: REDHAT
Type: Third Party Advisory
RHSA-2006:0328

Source: REDHAT
Type: Third Party Advisory
RHSA-2006:0329

Source: REDHAT
Type: Third Party Advisory
RHSA-2006:0330

Source: HP
Type: UNKNOWN
SSRT061145

Source: FEDORA
Type: UNKNOWN
FLSA:189137-1

Source: FEDORA
Type: UNKNOWN
FLSA:189137-2

Source: HP
Type: UNKNOWN
HPSBUX02122

Source: HP
Type: UNKNOWN
SSRT061236

Source: HP
Type: UNKNOWN
SSRT061181

Source: BID
Type: Third Party Advisory, VDB Entry
17516

Source: CCN
Type: BID-17516
Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities

Source: CCN
Type: USN-271-1
Firefox vulnerabilities

Source: CCN
Type: USN-275-1
Mozilla vulnerabilities

Source: CCN
Type: USN-276-1
Thunderbird vulnerabilities

Source: CERT
Type: Third Party Advisory, US Government Resource
TA06-107A

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2006-1356

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2006-3391

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2006-3748

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2006-3749

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2007-0058

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2008-0083

Source: XF
Type: Third Party Advisory, VDB Entry
mozilla-generatecrmfrequest-code-execution(25812)

Source: XF
Type: UNKNOWN
mozilla-generatecrmfrequest-code-execution(25812)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:10508

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:1698

Source: UBUNTU
Type: Third Party Advisory
USN-271-1

Source: UBUNTU
Type: Third Party Advisory
USN-275-1

Source: UBUNTU
Type: Third Party Advisory
USN-276-1

Source: SUSE
Type: SUSE-SA:2006:021
Mozilla Firefox and Mozilla suite various security problems

Source: SUSE
Type: SUSE-SA:2006:022
MozillaThunderbird various problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.0 and < 1.0.8)
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.5 and < 1.5.0.2)
  • OR cpe:/a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* (Version < 1.7.13)
  • OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version < 1.0.1)
  • OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version >= 1.0 and < 1.0.8)
  • OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version >= 1.5 and < 1.5.0.2)

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20061728
    V
    		CVE-2006-1728
    2015-11-16
    oval:org.mitre.oval:def:10508
    V
    		Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
    2013-04-29
    oval:org.mitre.oval:def:1698
    V
    		Mozilla Privilege Escalation Using crypto.generateCRMFRequest
    2011-02-21
    oval:org.debian:def:1051
    V
    		several vulnerabilities
    2006-05-04
    oval:org.debian:def:1046
    V
    		several vulnerabilities
    2006-04-27
    oval:org.debian:def:1044
    V
    		several vulnerabilities
    2006-04-26
    oval:com.redhat.rhsa:def:20060328
    P
    		RHSA-2006:0328: firefox security update (Critical)
    2006-04-25
    oval:com.redhat.rhsa:def:20060329
    P
    		RHSA-2006:0329: mozilla security update (Critical)
    2006-04-25
    oval:com.redhat.rhsa:def:20060330
    P
    		RHSA-2006:0330: thunderbird security update (Critical)
    2006-04-25
    BACK
    mozilla firefox *
    mozilla firefox *
    mozilla mozilla suite *
    mozilla seamonkey *
    mozilla thunderbird *
    mozilla thunderbird *
    canonical ubuntu linux 4.10
    canonical ubuntu linux 5.04
    canonical ubuntu linux 5.10
    mozilla firefox 1.0
    mozilla thunderbird 1.0.1
    mozilla mozilla suite 1.7.6
    mozilla firefox 1.0.1
    mozilla firefox 1.0.2
    mozilla firefox 1.0.3
    mozilla mozilla suite 1.7.7
    mozilla firefox 1.0.4
    mozilla mozilla suite 1.7.8
    mozilla firefox 1.0.6
    mozilla firefox 1.5 beta1
    mozilla mozilla suite 1.7.11
    mozilla firefox 1.0.7
    mozilla thunderbird 1.0.2
    mozilla thunderbird 1.0.6
    mozilla thunderbird 1.0.7
    mozilla firefox 1.5
    mozilla thunderbird 1.5
    mozilla thunderbird 1.5 beta2
    mozilla thunderbird 1.5.0.1
    mozilla firefox 1.0.5
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5 beta2
    mozilla mozilla suite 1.7.10
    mozilla mozilla suite 1.7.12
    mozilla thunderbird 1.0
    mozilla thunderbird 1.0.3
    mozilla thunderbird 1.0.4
    mozilla thunderbird 1.0.5
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0
    mozilla thunderbird 1.0.5 beta
    gentoo linux *
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux 9.1
    redhat enterprise linux 3
    suse suse linux 9.2
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 9.3