CVE-2006-1740
First published: Fri Apr 14 2006(Updated: )
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =1.5-beta2 | |
| Mozilla Mozilla Suite | <=1.7.12 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Firefox | =1.5-beta1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Mozilla Suite | =1.7.10 | |
| Mozilla Firefox | =1.0.4 | |
| Mozilla Mozilla Suite | =1.7.8 | |
| Mozilla Thunderbird | =1.0 | |
| Mozilla Thunderbird | =1.0.1 | |
| Mozilla Thunderbird | =1.5-beta2 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla Thunderbird | =1.0.2 | |
| Mozilla Mozilla Suite | =1.7.11 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Thunderbird | =1.5 | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Thunderbird | =1.0.4 | |
| Mozilla Thunderbird | =1.0.3 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Thunderbird | =1.0.6 | |
| Mozilla Thunderbird | =1.0.5-beta | |
| Mozilla Mozilla Suite | =1.7.7 | |
| Mozilla Firefox | <=1.0.7 | |
| Mozilla Mozilla Suite | =1.7.6 | |
| Mozilla SeaMonkey | <=1.0 | |
| Mozilla Thunderbird | <=1.0.7 | |
| Mozilla Thunderbird | =1.0.5 | |
| Mozilla Firefox | =1.0.5 | |
| Mozilla Firefox | =1.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=271194
- http://www.redhat.com/support/errata/RHSA-2006-0328.html
- http://www.securityfocus.com/bid/17516
- http://secunia.com/advisories/19631
- http://www.debian.org/security/2006/dsa-1044
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19794
- http://www.debian.org/security/2006/dsa-1046
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
- http://secunia.com/advisories/19811
- http://secunia.com/advisories/19852
- http://secunia.com/advisories/19862
- http://secunia.com/advisories/19863
- http://secunia.com/advisories/19902
- http://www.debian.org/security/2006/dsa-1051
- http://secunia.com/advisories/19941
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19714
- http://secunia.com/advisories/19721
- http://secunia.com/advisories/19746
- http://www.redhat.com/support/errata/RHSA-2006-0329.html
- http://secunia.com/advisories/21033
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
- http://secunia.com/advisories/21622
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://secunia.com/advisories/19696
- http://secunia.com/advisories/19729
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
- http://www.vupen.com/english/advisories/2006/1356
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25813
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1811
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10424
- https://usn.ubuntu.com/275-1/
- https://usn.ubuntu.com/271-1/
- http://www.securityfocus.com/archive/1/438730/100/0/threaded
- http://www.securityfocus.com/archive/1/436338/100/0/threaded
- http://www.securityfocus.com/archive/1/436296/100/0/threaded
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.5-beta2
- canonical/mozilla mozilla suite
- version/mozilla mozilla suite/1.7.12
- version/mozilla firefox/1.0.2
- version/mozilla firefox/1.5-beta1
- version/mozilla firefox/1.5
- version/mozilla mozilla suite/1.7.10
- version/mozilla firefox/1.0.4
- version/mozilla mozilla suite/1.7.8
- canonical/mozilla thunderbird
- version/mozilla thunderbird/1.0
- version/mozilla thunderbird/1.0.1
- version/mozilla thunderbird/1.5-beta2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0
- version/mozilla thunderbird/1.0.2
- version/mozilla mozilla suite/1.7.11
- version/mozilla firefox/1.0
- version/mozilla thunderbird/1.5
- version/mozilla firefox/1.0.1
- version/mozilla thunderbird/1.0.4
- version/mozilla thunderbird/1.0.3
- version/mozilla firefox/1.0.3
- version/mozilla thunderbird/1.0.6
- version/mozilla thunderbird/1.0.5-beta
- version/mozilla mozilla suite/1.7.7
- version/mozilla firefox/1.0.7
- version/mozilla mozilla suite/1.7.6
- version/mozilla thunderbird/1.0.7
- version/mozilla thunderbird/1.0.5
- version/mozilla firefox/1.0.5
- version/mozilla firefox/1.0.6