CVE-2006-1728

Name	CVE-2006-1728
Description	Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References	DSA-1044-1, DSA-1046-1, DSA-1051-1
NVD severity	high (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
firefox (PTS)	sid	49.0-3	fixed
xulrunner (PTS)	wheezy (security), wheezy	24.8.1esr-2~deb7u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
firefox	source	(unstable)	1.5.dfsg+1.5.0.2-1	high
mozilla	source	(unstable)	(unfixed)	high
mozilla	source	sarge	2:1.7.8-1sarge5	high	DSA-1046-1
mozilla-firefox	source	(unstable)	1.5.dfsg+1.5.0.2-1	high
mozilla-firefox	source	sarge	1.0.4-2sarge6	high	DSA-1044-1
mozilla-thunderbird	source	sarge	1.0.2-2.sarge1.0.8	medium
thunderbird	source	(unstable)	1.5.0.2-1	medium
xulrunner	source	(unstable)	1.8.0.1-9	high