CVE-2006-4570

Name of the Vulnerable Software and Affected Versions libnspr4 versions prior to the fixed version Mozilla Thunderbird versions prior to 1.5.0.7 SeaMonkey versions prior to 1.0.5 libnss3 versions prior to the fixed version libnspr-dev versions prior to the fixed version libnss-dev versions prior to the fixed version

Description The issue concerns multiple vulnerabilities in the libnspr4, libnss3, libnspr-dev, and libnss-dev packages of the Debian GNU/Linux operating system, as well as in Mozilla Thunderbird and SeaMonkey. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. In the case of Mozilla Thunderbird and SeaMonkey, the vulnerabilities can be exploited when the "Load Images" option is enabled, allowing remote attackers to bypass JavaScript settings via a remote XBL file in a message.

Recommendations For libnspr4, update to a version that contains the fix for this issue. For Mozilla Thunderbird, update to version 1.5.0.7 or later. For SeaMonkey, update to version 1.0.5 or later. For libnss3, update to a version that contains the fix for this issue. For libnspr-dev, update to a version that contains the fix for this issue. For libnss-dev, update to a version that contains the fix for this issue.