Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0148

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0148
Last Modified 10 Sep 2008 03:35:02
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0148

Summary

Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.

Vulnerable Systems

Application

  • Mozilla Thunderbird 0.6

  • Mozilla Thunderbird 0.7

  • Mozilla Thunderbird 0.8


References

XF - thunderbird-javascript-handler-launch(19173)

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=263546

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-10.html

BID - 12407


Last Updated: 27 May 2016 10:39:42