CVE-2006-1740 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2006-1740

CVE-2006-1740

April 14, 2006

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.

Related Resources (45)

http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

http://www.debian.org/security/2006/dsa-1051

http://www.vupen.com/english/advisories/2006/1356

http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1811

http://secunia.com/advisories/19902

https://usn.ubuntu.com/275-1/

http://www.redhat.com/support/errata/RHSA-2006-0329.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/25813

http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

http://secunia.com/advisories/19746

http://www.securityfocus.com/archive/1/436296/100/0/threaded

http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html

https://bugzilla.mozilla.org/show_bug.cgi?id=271194

http://secunia.com/advisories/19729

http://secunia.com/advisories/19721

http://www.debian.org/security/2006/dsa-1046

ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

http://secunia.com/advisories/19852

http://secunia.com/advisories/19759

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10424

http://secunia.com/advisories/19631

http://secunia.com/advisories/19794

http://www.securityfocus.com/bid/17516

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

http://secunia.com/advisories/21622

http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

http://secunia.com/advisories/19811

http://secunia.com/advisories/19714

http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

http://www.mozilla.org/security/announce/2006/mfsa2006-12.html

http://secunia.com/advisories/19863

http://secunia.com/advisories/19862

http://www.mandriva.com/security/advisories?name=MDKSA-2006:075

http://secunia.com/advisories/21033

https://usn.ubuntu.com/271-1/

http://www.debian.org/security/2006/dsa-1044

http://www.securityfocus.com/archive/1/436338/100/0/threaded

http://secunia.com/advisories/19696

http://secunia.com/advisories/19941

http://www.securityfocus.com/archive/1/438730/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2006-0328.html

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

CVSS v2

Base Score:

2.6

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

EPSS

Base Score:

2.19