PublicDate: 2006-09-15 18:07:00 UTC
Candidate: CVE-2006-4567
References:
 https://ubuntu.com/security/notices/USN-351-1
 https://ubuntu.com/security/notices/USN-350-1
 https://ubuntu.com/security/notices/USN-352-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4567
Description:
 Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy
 for users to accept self-signed certificates for the auto-update mechanism,
 which might allow remote user-assisted attackers to use DNS spoofing to
 trick users into visiting a malicious site and accepting a malicious
 certificate for the Mozilla update site, which can then be used to install
 arbitrary code on the next update.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_midbrowser: DNE
edgy_midbrowser: DNE
feisty_midbrowser: DNE
devel_midbrowser: released (0.1.6b-0ubuntu2)
dapper_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.6.06)
edgy_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.6.10)
feisty_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.7.04)
devel_mozilla-thunderbird: DNE
dapper_firefox-granparadiso: DNE
edgy_firefox-granparadiso: DNE
feisty_firefox-granparadiso: DNE
devel_firefox-granparadiso: released (3.0~alpha7-0ubuntu6)
dapper_firefox: released (1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
edgy_firefox: not-affected
feisty_firefox: not-affected
devel_firefox: not-affected
dapper_lightning-sunbird: DNE
edgy_lightning-sunbird: DNE
feisty_lightning-sunbird: DNE
devel_lightning-sunbird: released (0.5-0ubuntu4)
upstream_firefox: needs-triage
upstream_firefox-granparadiso: needs-triage
upstream_lightning-sunbird: needs-triage
upstream_midbrowser: needs-triage
upstream_mozilla-thunderbird: needs-triage