CVE-2006-4567

by Fred · 15/09/2006

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

Date published : 2006-09-15

http://www.securityfocus.com/bid/20042

http://www.securityfocus.com/archive/1/446140/100/0/threaded

CVE-2006-4567

Similar

Recent Posts

Categories

CVE-2006-4567

Share this:

Similar

Recent Posts

Categories

Tags