CVE-2006-1740

NameCVE-2006-1740
DescriptionMozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1044-1, DSA-1046-1, DSA-1051-1
NVD severitylow (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid49.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)1.5.dfsg+1.5.0.2-2low
mozillasource(unstable)2:1.7.13-0.1low
mozillasourcesarge2:1.7.8-1sarge5lowDSA-1046-1
mozilla-firefoxsource(unstable)1.5.dfsg+1.5.0.2-2low
mozilla-firefoxsourcesarge1.0.4-2sarge6lowDSA-1044-1
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.8low
thunderbirdsource(unstable)1.5.0.2-1low

Search for package or bug name: Reporting problems