CVE-2006-1740

NameCVE-2006-1740
DescriptionMozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1044-1, DSA-1046-1, DSA-1051-1
NVD severitylow (attack range: remote)
Debian/oldstablenot known to be vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)1.5.dfsg+1.5.0.2-2low
mozillasource(unstable)2:1.7.13-0.1low
mozillasourcesarge2:1.7.8-1sarge5lowDSA-1046-1
mozilla-firefoxsource(unstable)1.5.dfsg+1.5.0.2-2low
mozilla-firefoxsourcesarge1.0.4-2sarge6lowDSA-1044-1
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.8low
thunderbirdsource(unstable)1.5.0.2-1low

Search for package or bug name: Reporting problems