======================================================
Name: CVE-2006-2775
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-35.html
Reference: CERT-VN:VU#243153
Reference: URL:http://www.kb.cert.org/vuls/id/243153

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

======================================================
Name: CVE-2006-2776
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-37.html
Reference: CERT-VN:VU#575969
Reference: URL:http://www.kb.cert.org/vuls/id/575969

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

======================================================
Name: CVE-2006-2777
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
Reference: CERT-VN:VU#237257
Reference: URL:http://www.kb.cert.org/vuls/id/237257

Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
======================================================
Name: CVE-2006-2778
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20060602
Category:
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-38.html
Reference: CERT-VN:VU#421529
Reference: URL:http://www.kb.cert.org/vuls/id/421529

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.