CVE-2006-4567

CVE-2006-4567 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

Learn more about our User Device Pen Test.