PT-2006-7539 · Mozilla+2 · Libnss-Dev+7

Sync2D · Published 1970-01-01 · Updated 2018-10-17 · CVE-2006-4568

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libnspr4 versions (affected versions not specified)
libnss3 versions (affected versions not specified)
Mozilla Firefox versions prior to 1.5.0.7
SeaMonkey versions prior to 1.0.5
libnspr-dev versions (affected versions not specified)
libnss-dev versions (affected versions not specified)

Description

The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libnspr4, libnss3, libnspr-dev, and libnss-dev. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Additionally, a security bypass vulnerability in Mozilla Firefox and SeaMonkey allows remote attackers to inject content into the sub-frame of another site, facilitating spoofing and other attacks. This can be achieved via targetWindow.frames[n].document.open(), which enables attackers to bypass the security model.

Recommendations

For libnspr4, consider updating to a version that addresses the vulnerabilities, although the specific version is not specified.
For libnss3, consider updating to a version that addresses the vulnerabilities, although the specific version is not specified.
For Mozilla Firefox versions prior to 1.5.0.7, update to version 1.5.0.7 or later to resolve the security bypass issue.
For SeaMonkey versions prior to 1.0.5, update to version 1.0.5 or later to resolve the security bypass issue.
For libnspr-dev, consider updating to a version that addresses the vulnerabilities, although the specific version is not specified.
For libnss-dev, consider updating to a version that addresses the vulnerabilities, although the specific version is not specified.
As a temporary workaround for the security bypass vulnerability in Mozilla Firefox and SeaMonkey, consider restricting the use of the targetWindow.frames[n].document.open() method until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-01278
BDU:2015-01279
BDU:2015-01280
BDU:2015-01281
CVE-2006-4568
DSA-1191-1
DSA-1192-1
DSA-1210
HPSBUX02153
RHSA-2006:0675
RHSA-2006:0676
RHSA-2006_0675
RHSA-2006_0676

Affected Products

Debian
Firefox
Red Hat
Seamonkey
Libnspr-Dev
Libnspr4
Libnss-Dev
Libnss3