Vulnerability Name:

CVE-2006-4567 (CCN-28950)

Assigned:2006-09-15
Published:2006-09-15
Updated:2018-10-17
Summary:Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-4567

Source: CCN
Type: RHSA-2006-0675
firefox security update

Source: CCN
Type: RHSA-2006-0677
thunderbird security update

Source: CCN
Type: SA21906
Mozilla Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
21906

Source: SECUNIA
Type: UNKNOWN
21916

Source: CCN
Type: SA21939
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
21939

Source: SECUNIA
Type: Patch, Vendor Advisory
21949

Source: SECUNIA
Type: UNKNOWN
21950

Source: SECUNIA
Type: UNKNOWN
22001

Source: SECUNIA
Type: UNKNOWN
22025

Source: SECUNIA
Type: UNKNOWN
22055

Source: SECUNIA
Type: UNKNOWN
22056

Source: SECUNIA
Type: UNKNOWN
22066

Source: SECUNIA
Type: UNKNOWN
22074

Source: SECUNIA
Type: UNKNOWN
22088

Source: SECUNIA
Type: UNKNOWN
22195

Source: SECUNIA
Type: UNKNOWN
22210

Source: SECUNIA
Type: UNKNOWN
22274

Source: CCN
Type: SA22422
Avaya Products Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
22422

Source: GENTOO
Type: UNKNOWN
GLSA-200609-19

Source: GENTOO
Type: UNKNOWN
GLSA-200610-01

Source: CCN
Type: SECTRACK ID: 1016850
Mozilla Thunderbird Auto-Update Can Be Spoofed in Certain Cases

Source: SECTRACK
Type: UNKNOWN
1016850

Source: CCN
Type: SECTRACK ID: 1016851
Mozilla Firefox Auto-Update Can Be Spoofed in Certain Cases

Source: SECTRACK
Type: UNKNOWN
1016851

Source: CCN
Type: ASA-2006-219
thunderbird security update (RHSA-2006-0677)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm

Source: CCN
Type: ASA-2006-224
firefox security update (RHSA-2006-0675)

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: CCN
Type: GLSA-200609-19
Mozilla Firefox: Multiple vulnerabilities

Source: CCN
Type: GLSA-200610-01
Mozilla Thunderbird: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:168

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:169

Source: CCN
Type: MFSA 2006-58
Auto-update compromise through DNS and SSL spoofing

Source: CONFIRM
Type: Exploit
http://www.mozilla.org/security/announce/2006/mfsa2006-58.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:054

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0675

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0677

Source: BUGTRAQ
Type: UNKNOWN
20060915 rPSA-2006-0169-1 firefox thunderbird

Source: BID
Type: UNKNOWN
20042

Source: CCN
Type: BID-20042
Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities

Source: CCN
Type: USN-350-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-350-1

Source: CCN
Type: USN-351-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-351-1

Source: CCN
Type: USN-352-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-352-1

Source: CCN
Type: USN-354-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-354-1

Source: VUPEN
Type: UNKNOWN
ADV-2006-3617

Source: VUPEN
Type: UNKNOWN
ADV-2006-3748

Source: VUPEN
Type: UNKNOWN
ADV-2008-0083

Source: HP
Type: UNKNOWN
SSRT061181

Source: XF
Type: UNKNOWN
mozilla-auto-update-dns-spoofing(28950)

Source: XF
Type: UNKNOWN
mozilla-auto-update-gain-access(28950)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-640

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10488

Source: SUSE
Type: SUSE-SA:2006:054
Mozilla Firefox security update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 1.5.0.6)
  • OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 1.5.0.6)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20064567
    V
    		CVE-2006-4567
    2015-11-16
    oval:org.mitre.oval:def:10488
    V
    		Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
    2013-04-29
    oval:com.redhat.rhsa:def:20060675
    P
    		RHSA-2006:0675: firefox security update (Critical)
    2006-09-15
    oval:com.redhat.rhsa:def:20060677
    P
    		RHSA-2006:0677: thunderbird security update (Critical)
    2006-09-15
    BACK
    mozilla firefox *
    mozilla thunderbird *
    mozilla firefox 1.5 beta1
    mozilla firefox 1.5
    mozilla thunderbird 1.5
    mozilla thunderbird 1.5 beta2
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.6
    mozilla thunderbird 1.5.0.6
    mozilla thunderbird 1.5.0.5
    mozilla thunderbird 1.5.0.4
    mozilla thunderbird 1.5.0.3
    mozilla thunderbird 1.5.0.2
    mozilla thunderbird 1.5.0.1
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5 beta2
    gentoo linux *
    redhat enterprise linux 3
    suse suse linux 9.2
    redhat enterprise linux 2.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    suse suse linux 10.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 9.3