Vulnerability CVE-2006-1790

Vulnerability Name:

CVE-2006-1790 (CCN-25809)

Assigned:

2006-04-14

Published:

2006-04-14

Updated:

2018-10-18

Summary:

A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-399

Vulnerability Consequences:

Gain Access

References:

Source: SCO
Type: UNKNOWN
SCOSA-2006.26

Source: SGI
Type: UNKNOWN
20060404-01-U

Source: MITRE
Type: CNA
CVE-2006-1790

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:021

Source: CCN
Type: RHSA-2006-0328
firefox security update

Source: CCN
Type: RHSA-2006-0329
mozilla security update

Source: CCN
Type: RHSA-2006-0330
thunderbird security update

Source: CCN
Type: SA19631
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
19631

Source: SECUNIA
Type: UNKNOWN
19714

Source: SECUNIA
Type: UNKNOWN
19721

Source: SECUNIA
Type: UNKNOWN
19729

Source: SECUNIA
Type: UNKNOWN
19746

Source: SECUNIA
Type: Vendor Advisory
19759

Source: SECUNIA
Type: UNKNOWN
19780

Source: SECUNIA
Type: Vendor Advisory
19794

Source: SECUNIA
Type: Vendor Advisory
19811

Source: SECUNIA
Type: Vendor Advisory
19852

Source: SECUNIA
Type: Vendor Advisory
19862

Source: SECUNIA
Type: UNKNOWN
19863

Source: SECUNIA
Type: UNKNOWN
19902

Source: SECUNIA
Type: UNKNOWN
19941

Source: SECUNIA
Type: UNKNOWN
19950

Source: SECUNIA
Type: UNKNOWN
20051

Source: SECUNIA
Type: UNKNOWN
21033

Source: SECUNIA
Type: UNKNOWN
21622

Source: CCN
Type: Sun Alert ID: 102550
Multiple Security Vulnerabilites in Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux

Source: SUNALERT
Type: UNKNOWN
102550

Source: SUNALERT
Type: UNKNOWN
228526

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Source: DEBIAN
Type: UNKNOWN
DSA-1044

Source: DEBIAN
Type: UNKNOWN
DSA-1046

Source: DEBIAN
Type: UNKNOWN
DSA-1051

Source: DEBIAN
Type: DSA-1044
mozilla-firefox -- several vulnerabilities

Source: DEBIAN
Type: DSA-1046
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1051
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200604-12
Mozilla Firefox: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200604-12

Source: CCN
Type: GLSA-200604-18
Mozilla Suite: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200604-18

Source: CCN
Type: GLSA-200605-09
Mozilla Thunderbird: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200605-09

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:075

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:076

Source: CCN
Type: Mozilla Web site
Firefox - Rediscover the Web

Source: CCN
Type: MFSA 2006-11
Crashes with evidence of memory corruption

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-410

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-411

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0328

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0329

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0330

Source: FEDORA
Type: UNKNOWN
FLSA:189137-1

Source: FEDORA
Type: UNKNOWN
FLSA:189137-2

Source: HP
Type: UNKNOWN
HPSBUX02122

Source: BID
Type: UNKNOWN
17516

Source: CCN
Type: BID-17516
Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities

Source: CCN
Type: USN-271-1
Firefox vulnerabilities

Source: CCN
Type: USN-275-1
Mozilla vulnerabilities

Source: CCN
Type: USN-276-1
Thunderbird vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-1356

Source: XF
Type: UNKNOWN
mozilla-installtrigger-memory-corruption(25809)

Source: XF
Type: UNKNOWN
mozilla-installtrigger-memory-corruption(25809)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11202

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1266

Source: UBUNTU
Type: UNKNOWN
USN-271-1

Source: UBUNTU
Type: UNKNOWN
USN-275-1

Source: UBUNTU
Type: UNKNOWN
USN-276-1

Source: SUSE
Type: SUSE-SA:2006:021
Mozilla Firefox and Mozilla suite various security problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20061790	V	CVE-2006-1790	2015-11-16
oval:org.mitre.oval:def:11202	V	A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.	2013-04-29
oval:org.mitre.oval:def:1266	V	Mozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix)	2007-03-21
oval:org.debian:def:1051	V	several vulnerabilities	2006-05-04
oval:org.debian:def:1046	V	several vulnerabilities	2006-04-27
oval:org.debian:def:1044	V	several vulnerabilities	2006-04-26
oval:com.redhat.rhsa:def:20060328	P	RHSA-2006:0328: firefox security update (Critical)	2006-04-25
oval:com.redhat.rhsa:def:20060329	P	RHSA-2006:0329: mozilla security update (Critical)	2006-04-25
oval:com.redhat.rhsa:def:20060330	P	RHSA-2006:0330: thunderbird security update (Critical)	2006-04-25

BACK