CVE-2006-4567
Publication date 15 September 2006
Last updated 24 July 2024
Ubuntu priority
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 7.04 feisty |
Not affected
|
6.10 edgy |
Not affected
|
|
6.06 LTS dapper |
Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
|
|
firefox-granparadiso | 7.04 feisty | Not in release |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
lightning-sunbird | 7.04 feisty | Not in release |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
midbrowser | 7.04 feisty | Not in release |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
mozilla-thunderbird | 7.04 feisty |
Fixed 1.5.0.13-0ubuntu0.7.04
|
6.10 edgy |
Fixed 1.5.0.13-0ubuntu0.6.10
|
|
6.06 LTS dapper |
Fixed 1.5.0.13-0ubuntu0.6.06
|