CVE-2006-1728

Name	CVE-2006-1728
Description	Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
Source	CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References	DSA-1044-1, DSA-1046-1, DSA-1051-1
NVD severity	high (attack range: remote, user-initiated)
Debian/oldstable	not known to be vulnerable.
Debian/stable	not vulnerable.
Debian/testing	not known to be vulnerable.
Debian/unstable	not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
xulrunner (PTS)	wheezy, wheezy (security)	24.8.1esr-2~deb7u1	fixed

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
firefox	source	(unstable)	1.5.dfsg+1.5.0.2-1	high
mozilla	source	(unstable)	(unfixed)	high
mozilla	source	sarge	2:1.7.8-1sarge5	high	DSA-1046-1
mozilla-firefox	source	(unstable)	1.5.dfsg+1.5.0.2-1	high
mozilla-firefox	source	sarge	1.0.4-2sarge6	high	DSA-1044-1
mozilla-thunderbird	source	sarge	1.0.2-2.sarge1.0.8	medium
thunderbird	source	(unstable)	1.5.0.2-1	medium
xulrunner	source	(unstable)	1.8.0.1-9	high