Vulnerability Name:

CVE-2006-1790 (CCN-25809)

Assigned:2006-04-14
Published:2006-04-14
Updated:2018-10-18
Summary:A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: SCO
Type: UNKNOWN
SCOSA-2006.26

Source: SGI
Type: UNKNOWN
20060404-01-U

Source: MITRE
Type: CNA
CVE-2006-1790

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:021

Source: CCN
Type: RHSA-2006-0328
firefox security update

Source: CCN
Type: RHSA-2006-0329
mozilla security update

Source: CCN
Type: RHSA-2006-0330
thunderbird security update

Source: CCN
Type: SA19631
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
19631

Source: SECUNIA
Type: UNKNOWN
19714

Source: SECUNIA
Type: UNKNOWN
19721

Source: SECUNIA
Type: UNKNOWN
19729

Source: SECUNIA
Type: UNKNOWN
19746

Source: SECUNIA
Type: Vendor Advisory
19759

Source: SECUNIA
Type: UNKNOWN
19780

Source: SECUNIA
Type: Vendor Advisory
19794

Source: SECUNIA
Type: Vendor Advisory
19811

Source: SECUNIA
Type: Vendor Advisory
19852

Source: SECUNIA
Type: Vendor Advisory
19862

Source: SECUNIA
Type: UNKNOWN
19863

Source: SECUNIA
Type: UNKNOWN
19902

Source: SECUNIA
Type: UNKNOWN
19941

Source: SECUNIA
Type: UNKNOWN
19950

Source: SECUNIA
Type: UNKNOWN
20051

Source: SECUNIA
Type: UNKNOWN
21033

Source: SECUNIA
Type: UNKNOWN
21622

Source: CCN
Type: Sun Alert ID: 102550
Multiple Security Vulnerabilites in Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux

Source: SUNALERT
Type: UNKNOWN
102550

Source: SUNALERT
Type: UNKNOWN
228526

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Source: DEBIAN
Type: UNKNOWN
DSA-1044

Source: DEBIAN
Type: UNKNOWN
DSA-1046

Source: DEBIAN
Type: UNKNOWN
DSA-1051

Source: DEBIAN
Type: DSA-1044
mozilla-firefox -- several vulnerabilities

Source: DEBIAN
Type: DSA-1046
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1051
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200604-12
Mozilla Firefox: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200604-12

Source: CCN
Type: GLSA-200604-18
Mozilla Suite: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200604-18

Source: CCN
Type: GLSA-200605-09
Mozilla Thunderbird: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200605-09

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:075

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:076

Source: CCN
Type: Mozilla Web site
Firefox - Rediscover the Web

Source: CCN
Type: MFSA 2006-11
Crashes with evidence of memory corruption

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-410

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-411

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0328

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0329

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0330

Source: FEDORA
Type: UNKNOWN
FLSA:189137-1

Source: FEDORA
Type: UNKNOWN
FLSA:189137-2

Source: HP
Type: UNKNOWN
HPSBUX02122

Source: BID
Type: UNKNOWN
17516

Source: CCN
Type: BID-17516
Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities

Source: CCN
Type: USN-271-1
Firefox vulnerabilities

Source: CCN
Type: USN-275-1
Mozilla vulnerabilities

Source: CCN
Type: USN-276-1
Thunderbird vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-1356

Source: XF
Type: UNKNOWN
mozilla-installtrigger-memory-corruption(25809)

Source: XF
Type: UNKNOWN
mozilla-installtrigger-memory-corruption(25809)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11202

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1266

Source: UBUNTU
Type: UNKNOWN
USN-271-1

Source: UBUNTU
Type: UNKNOWN
USN-275-1

Source: UBUNTU
Type: UNKNOWN
USN-276-1

Source: SUSE
Type: SUSE-SA:2006:021
Mozilla Firefox and Mozilla suite various security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20061790
    V
    CVE-2006-1790
    2015-11-16
    oval:org.mitre.oval:def:11202
    V
    A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
    2013-04-29
    oval:org.mitre.oval:def:1266
    V
    Mozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix)
    2007-03-21
    oval:org.debian:def:1051
    V
    several vulnerabilities
    2006-05-04
    oval:org.debian:def:1046
    V
    several vulnerabilities
    2006-04-27
    oval:org.debian:def:1044
    V
    several vulnerabilities
    2006-04-26
    oval:com.redhat.rhsa:def:20060328
    P
    RHSA-2006:0328: firefox security update (Critical)
    2006-04-25
    oval:com.redhat.rhsa:def:20060329
    P
    RHSA-2006:0329: mozilla security update (Critical)
    2006-04-25
    oval:com.redhat.rhsa:def:20060330
    P
    RHSA-2006:0330: thunderbird security update (Critical)
    2006-04-25
    BACK
    mozilla firefox 1.0.7
    mozilla firefox 1.0.7
    gentoo linux *
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux 9.1
    redhat enterprise linux 3
    suse suse linux 9.2
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 9.3