ID CVE-2006-1790
Summary A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 18-10-2018 - 16:36)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2013-04-29T04:12:18.063-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
    family unix
    id oval:org.mitre.oval:def:11202
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
    version 29
  • accepted 2007-03-21T16:16:47.157-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
    family windows
    id oval:org.mitre.oval:def:1266
    status accepted
    submitted 2006-05-07T09:05:00.000-04:00
    title Mozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix)
    version 3
redhat via4
advisories
  • bugzilla
    id 1618063
    title CVE-2006-1790 security flaw
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • comment firefox is earlier than 0:1.0.8-1.4.1
        oval oval:com.redhat.rhsa:tst:20060328001
      • comment firefox is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20060200002
    rhsa
    id RHSA-2006:0328
    released 2006-04-14
    severity Critical
    title RHSA-2006:0328: firefox security update (Critical)
  • bugzilla
    id 1618063
    title CVE-2006-1790 security flaw
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment devhelp is earlier than 0:0.9.2-2.4.8
            oval oval:com.redhat.rhsa:tst:20060329001
          • comment devhelp is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060329002
        • AND
          • comment devhelp-devel is earlier than 0:0.9.2-2.4.8
            oval oval:com.redhat.rhsa:tst:20060329003
          • comment devhelp-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060329004
    rhsa
    id RHSA-2006:0329
    released 2006-04-18
    severity Critical
    title RHSA-2006:0329: mozilla security update (Critical)
  • bugzilla
    id 1618063
    title CVE-2006-1790 security flaw
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • comment thunderbird is earlier than 0:1.0.8-1.4.1
        oval oval:com.redhat.rhsa:tst:20060330001
      • comment thunderbird is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20060330002
    rhsa
    id RHSA-2006:0330
    released 2006-04-21
    severity Critical
    title RHSA-2006:0330: thunderbird security update (Critical)
rpms
  • firefox-0:1.0.8-1.4.1
  • firefox-debuginfo-0:1.0.8-1.4.1
  • devhelp-0:0.9.2-2.4.8
  • devhelp-debuginfo-0:0.9.2-2.4.8
  • devhelp-devel-0:0.9.2-2.4.8
  • thunderbird-0:1.0.8-1.4.1
  • thunderbird-debuginfo-0:1.0.8-1.4.1
refmap via4
bid 17516
confirm
debian
  • DSA-1044
  • DSA-1046
  • DSA-1051
fedora
  • FEDORA-2006-410
  • FEDORA-2006-411
  • FLSA:189137-1
  • FLSA:189137-2
gentoo
  • GLSA-200604-12
  • GLSA-200604-18
  • GLSA-200605-09
hp
  • HPSBUX02122
  • SSRT061158
mandriva
  • MDKSA-2006:075
  • MDKSA-2006:076
sco SCOSA-2006.26
secunia
  • 19631
  • 19714
  • 19721
  • 19729
  • 19746
  • 19759
  • 19780
  • 19794
  • 19811
  • 19852
  • 19862
  • 19863
  • 19902
  • 19941
  • 19950
  • 20051
  • 21033
  • 21622
sgi 20060404-01-U
sunalert
  • 102550
  • 228526
suse SUSE-SA:2006:021
ubuntu
  • USN-271-1
  • USN-275-1
  • USN-276-1
vupen ADV-2006-1356
xf mozilla-installtrigger-memory-corruption(25809)
Last major update 18-10-2018 - 16:36
Published 14-04-2006 - 19:02
Last modified 18-10-2018 - 16:36