Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0149

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0149
Last Modified 07 Mar 2011 09:19:36
Published 15 Feb 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0149

Summary

Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers bypass the user's intended privacy and security policy by using cookies in e-mail messages.

Vulnerable Systems

Application

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla Thunderbird 0.6

  • Mozilla Thunderbird 0.7

  • Mozilla Thunderbird 0.7.1

  • Mozilla Thunderbird 0.7.2

  • Mozilla Thunderbird 0.7.3

  • Mozilla Thunderbird 0.9


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=268107

XF - mozilla-cookie-policy-bypass(19172)

REDHAT - RHSA-2005:335

REDHAT - RHSA-2005:323

REDHAT - RHSA-2005:094

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-11.html

SUSE - SUSE-SA:2006:004

BID - 12407

SECUNIA - 19823

SUSE - SUSE-SA:2006:022


Last Updated: 27 May 2016 10:39:19