CVE-2006-4567
CVE-2006-4567
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/21906http://secunia.com/advisories/21916http://secunia.com/advisories/21939http://secunia.com/advisories/21949http://secunia.com/advisories/21950http://secunia.com/advisories/22001http://secunia.com/advisories/22025http://secunia.com/advisories/22055http://secunia.com/advisories/22056http://secunia.com/advisories/22066http://secunia.com/advisories/22074http://secunia.com/advisories/22088