Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2006-0236
Last Modified 07 Mar 2011 12:00:00
Published 17 Jan 2006 08:07:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0236

Summary

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.

Vulnerable Systems

Application

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.1

  • Mozilla Thunderbird 1.0.2

  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.6

  • Mozilla Thunderbird 1.0.7

  • Mozilla Thunderbird 1.5


References

BID - 16271

BUGTRAQ - 20060117 Secunia Research: Mozilla Thunderbird Attachment Spoofing Vulnerability

MISC - http://secunia.com/secunia_research/2005-22/advisory

SECUNIA - 15907

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=300246

XF - thunderbird-attachment-ext-spoofing(24164)

VUPEN - ADV-2006-0230

MANDRIVA - MDKSA-2006:021


Last Updated: 27 May 2016 10:41:35