DescriptionMozilla Firefox before 184.108.40.206 and Thunderbird before 220.127.116.11 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2006:054, published Fri, 22 Sep 2006 15:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 05:11:04 2013
CVE page last modified: Fri Oct 7 12:45:34 2022