Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2226

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2226
Last Modified 05 Sep 2008 04:43:32
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2226

Summary

Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.

Vulnerable Systems

Application

  • Mozilla Thunderbird 0.8

  • Mozilla Thunderbird 1.7.1

  • Mozilla Thunderbird 1.7.3


References

OSVDB - 11394

SECUNIA - 13086

XF - mozilla-css-obtain-emails(17949)

FULLDISC - 20041102 CSS in E-Mails possible E-Mail-Validity Check for Spammers?


Last Updated: 27 May 2016 10:39:24