漏洞信息(CVE-2006-2778)

一、漏洞 CVE-2006-2778 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

在Mozilla Firefox和Thunderbird 1.5.0.4之前的版本中， crypto.signText函数允许远程攻击者通过某些可选的证书机构名称参数执行任意代码，这会导致数组索引无效并触发缓冲区溢出。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Mozilla Firefox/Thunderbird crypto.signText函数数组索引漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Mozilla Firefox/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。 Mozilla Firefox 和 Thunderbird ，crypto.signText()中存在数组索引漏洞，如果传送了可选的证书授权名参数的话，就会溢出两位已分配的指针数组。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

授权问题

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2006-2778 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2006-2778 的情报信息

http://www.mozilla.org/security/announce/2006/mfsa2006-38.html x_refsource_CONFIRM
http://secunia.com/advisories/21176 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/22065 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21269 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/22066 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21183 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21324 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21631 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21134 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21188 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21270 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21532 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/18228 vdb-entry x_refsource_BID
http://secunia.com/advisories/21607 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21178 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/20376 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/20561 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/20709 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21210 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/21336 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/20382 third-party-advisory x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1 vendor-advisory x_refsource_SUNALERT
http://securitytracker.com/id?1016214 vdb-entry x_refsource_SECTRACK
http://securitytracker.com/id?1016202 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2006/dsa-1134 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2006/dsa-1120 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2006/dsa-1118 vendor-advisory x_refsource_DEBIAN
https://usn.ubuntu.com/297-3/ vendor-advisory x_refsource_UBUNTU
https://usn.ubuntu.com/296-1/ vendor-advisory x_refsource_UBUNTU
https://usn.ubuntu.com/297-1/ vendor-advisory x_refsource_UBUNTU
http://www.us-cert.gov/cas/techalerts/TA06-153A.html third-party-advisory x_refsource_CERT
http://www.kb.cert.org/vuls/id/421529 third-party-advisory x_refsource_CERT-VN
https://usn.ubuntu.com/323-1/ vendor-advisory x_refsource_UBUNTU
https://usn.ubuntu.com/296-2/ vendor-advisory x_refsource_UBUNTU
http://www.securityfocus.com/archive/1/446657/100/200/threaded vendor-advisory x_refsource_HP
http://www.securityfocus.com/archive/1/446658/100/200/threaded vendor-advisory x_refsource_HP
http://www.vupen.com/english/advisories/2006/3749 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/0083 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/0058 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3748 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/2106 vdb-entry x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 vendor-advisory x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2006-0578.html vendor-advisory x_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml vendor-advisory x_refsource_GENTOO
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml vendor-advisory x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2006-0611.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2006-0594.html vendor-advisory x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2006-0609.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2006-0610.html vendor-advisory x_refsource_REDHAT
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html vendor-advisory x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9703 vdb-entry signature x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/26849 vdb-entry x_refsource_XF
http://www.securityfocus.com/archive/1/435795/100/0/threaded mailing-list x_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2006-2778

一、 漏洞 CVE-2006-2778 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2006-2778 的公开POC

三、漏洞 CVE-2006-2778 的情报信息

一、漏洞 CVE-2006-2778 基础信息