Vulnerability DatabaseCVE-2006-4567
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2006-4567
September 15, 2006
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
Related ResourcesĀ (42)
http://security.gentoo.org/glsa/glsa-200610-01.xml
https://issues.rpath.com/browse/RPL-640
https://access.redhat.com/security/cve/CVE-2006-4567
http://www.ubuntu.com/usn/usn-352-1
http://www.securityfocus.com/bid/20042
http://www.mozilla.org/security/announce/2006/mfsa2006-58.html
http://secunia.com/advisories/22025
http://secunia.com/advisories/22195
http://www.ubuntu.com/usn/usn-350-1
http://www.vupen.com/english/advisories/2008/0083
http://secunia.com/advisories/22001
http://secunia.com/advisories/21939
http://secunia.com/advisories/21949
http://secunia.com/advisories/22422
http://secunia.com/advisories/22088
http://www.ubuntu.com/usn/usn-351-1
http://www.redhat.com/support/errata/RHSA-2006-0675.html
http://securitytracker.com/id?1016850
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10488
http://www.vupen.com/english/advisories/2006/3748
http://secunia.com/advisories/21906
http://securitytracker.com/id?1016851
https://people.canonical.com/~ubuntu-security/cve/CVE-2006-4567
http://secunia.com/advisories/21916
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://secunia.com/advisories/21950
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
http://secunia.com/advisories/22056
http://secunia.com/advisories/22210
http://www.redhat.com/support/errata/RHSA-2006-0677.html
http://secunia.com/advisories/22274
http://www.ubuntu.com/usn/usn-354-1
http://www.securityfocus.com/archive/1/446140/100/0/threaded
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/28950
http://secunia.com/advisories/22066
http://secunia.com/advisories/22055
http://secunia.com/advisories/22074
http://security.gentoo.org/glsa/glsa-200609-19.xml
http://www.vupen.com/english/advisories/2006/3617
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
2.6
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
EPSS
Base Score:
2.27