Remote Code Execution in Mozilla Firefox and Thunderbird
CVE-2006-1728

Currently unrated

Key Information:

Vendor: Mozilla
Status: Mozilla Suite; Thunderbird; Seamonkey; Firefox
Vendor: CVE Published:; 14 April 2006

What is CVE-2006-1728?

The vulnerability affects multiple versions of Mozilla Firefox and Thunderbird, where improper validation in the crypto.generateCRMFRequest method can be exploited by remote attackers. This flaw could allow attackers to execute arbitrary code on the user's system through unknown vectors, posing a significant risk to users who have not updated their software to patched versions.

References

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://www.vupen.com/english/advisories/2006/3748

vdb-entryx_refsource_VUPEN

http://www.redhat.com/support/errata/RHSA-2006-0330.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

29% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Apr 12, 2006