- Home
- Vulnerability & Exploit Database
- Vulnerabilities
Rapid7 Vulnerability & Exploit Database
Mozilla Firefox 'crypto.generateCRMFRequest()' Function Privilege Escalation Vulnerability
Free InsightVM Trial
No credit card necessary
Watch Demo
See how it all works
Mozilla Firefox 'crypto.generateCRMFRequest()' Function Privilege Escalation Vulnerability
10
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
04/14/2006
07/25/2018
06/07/2006
02/13/2015
Description
Certain versions of Mozilla Firefox contain a flawed implementation of the 'crypto.generateCRMFRequest()' function. As a result, a malicious web site can execute arbitrary code under the privileges of the browser process.
Solution(s)
- mozilla-firefox-upgrade-1_5_0_2
- mozilla-firefox-upgrade-latest
References
- https://attackerkb.com/topics/cve-2004-1316
- 12131
- 12407
- 12468
- 12659
- 12881
- 12988
- 13232
- 13233
- 13645
- 14242
- 14443
- 14775
- 14919
- 14920
- 15495
- 15773
- 16476
- 16770
- 16881
- 17171
- 17516
- TA06-038A
- TA06-107A
- 179014
- 252324
- 329500
- 350262
- 488774
- 492382
- 557948
- 592425
- 652366
- 736934
- 813230
- 842094
- 932734
- 935556
- 968814
- P-160
- P-252
- CVE - 2004-1316
- CVE - 2005-0142
- CVE - 2005-0149
- CVE - 2005-0230
- CVE - 2005-0255
- CVE - 2005-0399
- CVE - 2005-0587
- CVE - 2005-0590
- CVE - 2005-0592
- CVE - 2005-0989
- CVE - 2005-1159
- CVE - 2005-1160
- CVE - 2005-1532
- CVE - 2005-2261
- CVE - 2005-2265
- CVE - 2005-2266
- CVE - 2005-2269
- CVE - 2005-2270
- CVE - 2005-2353
- CVE - 2005-2706
- CVE - 2005-2707
- CVE - 2005-4134
- CVE - 2005-4744
- CVE - 2006-0292
- CVE - 2006-0293
- CVE - 2006-0296
- CVE - 2006-0748
- CVE - 2006-0749
- CVE - 2006-0884
- CVE - 2006-1045
- CVE - 2006-1354
- CVE - 2006-1529
- CVE - 2006-1530
- CVE - 2006-1531
- CVE - 2006-1723
- CVE - 2006-1724
- CVE - 2006-1725
- CVE - 2006-1726
- CVE - 2006-1727
- CVE - 2006-1728
- CVE - 2006-1729
- CVE - 2006-1730
- CVE - 2006-1731
- CVE - 2006-1732
- CVE - 2006-1733
- CVE - 2006-1734
- CVE - 2006-1735
- CVE - 2006-1736
- CVE - 2006-1737
- CVE - 2006-1738
- CVE - 2006-1739
- CVE - 2006-1740
- CVE - 2006-1741
- CVE - 2006-1742
- CVE - 2006-1790
- DSA-1044
- DSA-1046
- DSA-1051
- DSA-1089
- DSA-810
- DSA-838
- DSA-866
- DSA-868
- 19648
- 21533
- 23653
- OVAL100003
- OVAL100004
- OVAL100005
- OVAL100008
- OVAL100011
- OVAL100012
- OVAL100014
- OVAL100017
- OVAL100018
- OVAL100025
- OVAL100028
- OVAL100033
- OVAL100037
- OVAL100040
- OVAL100041
- OVAL100043
- OVAL100047
- OVAL100052
- OVAL100056
- OVAL10010
- OVAL100107
- OVAL10016
- OVAL10055
- OVAL10156
- OVAL10232
- OVAL10243
- OVAL10254
- OVAL10364
- OVAL1037
- OVAL10397
- OVAL10424
- OVAL10449
- OVAL10508
- OVAL10606
- OVAL10629
- OVAL10712
- OVAL10755
- OVAL10782
- OVAL10791
- OVAL10815
- OVAL10817
- OVAL1087
- OVAL10922
- OVAL10930
- OVAL10947
- OVAL11130
- OVAL11164
- OVAL11202
- OVAL11291
- OVAL11317
- OVAL11377
- OVAL11382
- OVAL11407
- OVAL11704
- OVAL11706
- OVAL11751
- OVAL11803
- OVAL11808
- OVAL1189
- OVAL1197
- OVAL1247
- OVAL1258
- OVAL1266
- OVAL1348
- OVAL1415
- OVAL1443
- OVAL1471
- OVAL1493
- OVAL1494
- OVAL1548
- OVAL1574
- OVAL1614
- OVAL1619
- OVAL1649
- OVAL1667
- OVAL1687
- OVAL1698
- OVAL1811
- OVAL1829
- OVAL1848
- OVAL1855
- OVAL1887
- OVAL1901
- OVAL1903
- OVAL1929
- OVAL1947
- OVAL1955
- OVAL1968
- OVAL1975
- OVAL2020
- OVAL2023
- OVAL2024
- OVAL417
- OVAL550
- OVAL670
- OVAL729
- OVAL773
- OVAL781
- OVAL808
- OVAL817
- OVAL9111
- OVAL9167
- OVAL9405
- OVAL9543
- OVAL9604
- OVAL9777
- OVAL9808
- OVAL9817
- RHSA-2005:038
- RHSA-2005:094
- RHSA-2005:176
- RHSA-2005:277
- RHSA-2005:323
- RHSA-2005:335
- RHSA-2005:336
- RHSA-2005:337
- RHSA-2005:383
- RHSA-2005:384
- RHSA-2005:386
- RHSA-2005:434
- RHSA-2005:435
- RHSA-2005:586
- RHSA-2005:587
- RHSA-2005:601
- RHSA-2005:785
- RHSA-2005:789
- RHSA-2005:791
- RHSA-2006:0199
- RHSA-2006:0200
- RHSA-2006:0271
- RHSA-2006:0328
- RHSA-2006:0329
- RHSA-2006:0330
- 20060201-01-U
- 20060404-01-U
- SUSE-SA:2005:016
- SUSE-SA:2005:045
- SUSE-SA:2005:058
- SUSE-SA:2006:004
- SUSE-SA:2006:019
- SUSE-SA:2006:021
- SUSE-SA:2006:022
- SUSE-SA:2006:035
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:036
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:037
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:052
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:060
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:075
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:076
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:078
- http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
- http://marc.theaimsgroup.com/?l=bugtraq&m=110436284718949&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=110780717916478&w=2
- http://marc.theaimsgroup.com/?l=bugtraq&m=110780995232064&w=2
- http://marc.theaimsgroup.com/?l=full-disclosure&m=113404911919629&w=2
- http://marc.theaimsgroup.com/?l=full-disclosure&m=113405896025702&w=2
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://www.freeradius.org/security.html
- http://www.freeradius.org/security/20050909-response-to-suse.txt
- http://www.freeradius.org/security/20050909-vendor-sec.txt
- http://www.frsirt.com/english/advisories/2005/0296
- http://www.frsirt.com/english/advisories/2005/0530
- http://www.frsirt.com/english/advisories/2005/1075
- http://www.frsirt.com/english/advisories/2005/1824
- http://www.frsirt.com/english/advisories/2005/2805
- http://www.frsirt.com/english/advisories/2006/0413
- http://www.frsirt.com/english/advisories/2006/1016
- http://www.frsirt.com/english/advisories/2006/1356
- http://www.frsirt.com/english/advisories/2006/3391
- http://www.frsirt.com/english/advisories/2007/0058
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:173
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
- http://www.mikx.de/firedragging/
- http://www.mozilla.org/security/announce/2006/mfsa2006-01.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-05.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-18.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-19.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-20.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-21.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-22.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-24.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-26.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-28.html
- http://www.mozilla.org/security/announce/2006/mfsa2006-29.html
- http://www.mozilla.org/security/announce/mfsa2005-02.html
- http://www.mozilla.org/security/announce/mfsa2005-06.html
- http://www.mozilla.org/security/announce/mfsa2005-11.html
- http://www.mozilla.org/security/announce/mfsa2005-15.html
- http://www.mozilla.org/security/announce/mfsa2005-17.html
- http://www.mozilla.org/security/announce/mfsa2005-18.html
- http://www.mozilla.org/security/announce/mfsa2005-21.html
- http://www.mozilla.org/security/announce/mfsa2005-25.html
- http://www.mozilla.org/security/announce/mfsa2005-30.html
- http://www.mozilla.org/security/announce/mfsa2005-33.html
- http://www.mozilla.org/security/announce/mfsa2005-40.html
- http://www.mozilla.org/security/announce/mfsa2005-41.html
- http://www.mozilla.org/security/announce/mfsa2005-44.html
- http://www.mozilla.org/security/announce/mfsa2005-46.html
- http://www.mozilla.org/security/announce/mfsa2005-50.html
- http://www.mozilla.org/security/announce/mfsa2005-52.html
- http://www.mozilla.org/security/announce/mfsa2005-55.html
- http://www.mozilla.org/security/announce/mfsa2005-56.html
- http://www.mozilla.org/security/announce/mfsa2005-58.html
- http://www.mozilla.org/security/announce/mfsa2005-59.html
- http://www.mozilla.org/security/announce/mfsa2006-01.html
- http://www.mozilla.org/security/announce/mfsa2006-03.html
- http://www.mozilla.org/security/announce/mfsa2006-05.html
- http://www.mozilla.org/security/history-title.html
- http://www.networksecurity.fi/advisories/netscape-history.html
- http://www.networksecurity.fi/advisories/netscape-multiple-issues.html
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
- http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
- http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
- http://www.securityfocus.com/archive/1/426347
- http://www.securityfocus.com/archive/1/archive/1/425786/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/425975/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/425978/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/431060/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/431126/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/432103/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/434524/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded
- http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
- http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
- http://www.trustix.org/errata/2006/0020
- http://www.ubuntu.com/usn/usn-200-1
- http://www.ubuntulinux.org/support/documentation/usn/usn-157-1
- http://www.ubuntulinux.org/support/documentation/usn/usn-271-1
- http://www.ubuntulinux.org/support/documentation/usn/usn-275-1
- http://www.ubuntulinux.org/support/documentation/usn/usn-276-1
- http://www.zerodayinitiative.com/advisories/ZDI-06-009.html
- http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066
- http://xforce.iss.net/xforce/alerts/id/191
- https://bugzilla.mozilla.org/show_bug.cgi?id=241440
- https://bugzilla.mozilla.org/show_bug.cgi?id=251297
- https://bugzilla.mozilla.org/show_bug.cgi?id=265736
- https://bugzilla.mozilla.org/show_bug.cgi?id=268059
- https://bugzilla.mozilla.org/show_bug.cgi?id=268107
- https://bugzilla.mozilla.org/show_bug.cgi?id=271194
- https://bugzilla.mozilla.org/show_bug.cgi?id=279945
- https://bugzilla.mozilla.org/show_bug.cgi?id=282105
- https://bugzilla.mozilla.org/show_bug.cgi?id=288688
- https://bugzilla.mozilla.org/show_bug.cgi?id=289074
- https://bugzilla.mozilla.org/show_bug.cgi?id=289083
- https://bugzilla.mozilla.org/show_bug.cgi?id=289961
- https://bugzilla.mozilla.org/show_bug.cgi?id=290162
- https://bugzilla.mozilla.org/show_bug.cgi?id=292589
- https://bugzilla.mozilla.org/show_bug.cgi?id=292591
- https://bugzilla.mozilla.org/show_bug.cgi?id=293527
- https://bugzilla.mozilla.org/show_bug.cgi?id=294795
- https://bugzilla.mozilla.org/show_bug.cgi?id=294799
- https://bugzilla.mozilla.org/show_bug.cgi?id=295011
- https://bugzilla.mozilla.org/show_bug.cgi?id=295854
- https://bugzilla.mozilla.org/show_bug.cgi?id=296397
- https://bugzilla.mozilla.org/show_bug.cgi?id=298892
- https://bugzilla.mozilla.org/show_bug.cgi?id=313373
- https://bugzilla.mozilla.org/show_bug.cgi?id=315254
- https://bugzilla.mozilla.org/show_bug.cgi?id=316885
- https://bugzilla.mozilla.org/show_bug.cgi?id=319847
- https://bugzilla.mozilla.org/show_bug.cgi?id=322045
- https://bugzilla.mozilla.org/show_bug.cgi?id=326615
- https://bugzilla.mozilla.org/show_bug.cgi?id=327014
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676
- 17832
- 18711
- 19172
- 19269
- 20123
- 21332
- 22211
- 22378
- 22380
- 24430
- 24434
- 24959
- 25352
- 25806
- 25807
- 25808
- 25809
- 25810
- 25811
- 25812
- 25813
- 25814
- 25815
- 25816
- 25817
- 25818
- 25819
- 25820
- 25823
- 25824
- 25825
- 25826
- 25827
- 25983
- 25985
- 42654
View more
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center