First published: Fri Sep 15 2006(Updated: )
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <=1.5.0.6 | |
Mozilla Thunderbird | <=1.5.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.