CVE-2006-4561

NameCVE-2006-4561
DescriptionMozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid124.0.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)1.5.dfsg+1.5.0.7-1low
xulrunnersource(unstable)1.8.0.7-1low

Notes

[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)

Search for package or bug name: Reporting problems