Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0884

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-0884
Last Modified 25 May 2011 12:00:00
Published 24 Feb 2006 05:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0884

Summary

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

Vulnerable Systems

Application

  • Mozilla Thunderbird 0.1

  • Mozilla Thunderbird 0.2

  • Mozilla Thunderbird 0.3

  • Mozilla Thunderbird 0.4

  • Mozilla Thunderbird 0.5

  • Mozilla Thunderbird 0.6

  • Mozilla Thunderbird 0.7

  • Mozilla Thunderbird 0.7.1

  • Mozilla Thunderbird 0.7.2

  • Mozilla Thunderbird 0.7.3

  • Mozilla Thunderbird 0.8

  • Mozilla Thunderbird 0.9

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.1

  • Mozilla Thunderbird 1.0.2

  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.6

  • Mozilla Thunderbird 1.0.7


References

BID - 16770

DEBIAN - DSA-1051

DEBIAN - DSA-1046

XF - mozilla-inline-fwd-code-execution(25983)

VUPEN - ADV-2006-3749

UBUNTU - USN-276-1

HP - HPSBUX02156

HP - SSRT061158

FEDORA - FLSA:189137-1

BUGTRAQ - 20060222 Mozilla Thunderbird : Remote Code Execution & Denial of Service

REDHAT - RHSA-2006:0330

REDHAT - RHSA-2006:0329

OSVDB - 23653

SUSE - SUSE-SA:2006:022

SUSE - SUSE-SA:2006:004

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-21.html

MANDRIVA - MDKSA-2006:078

MANDRIVA - MDKSA-2006:076

MANDRIVA - MDKSA-2006:052

GENTOO - GLSA-200605-09

GENTOO - GLSA-200604-18

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

SUNALERT - 228526

SUNALERT - 102550

SECTRACK - 1015665

SECUNIA - 22065

SECUNIA - 21622

SECUNIA - 21033

SECUNIA - 20051

SECUNIA - 19950

SECUNIA - 19941

SECUNIA - 19902

SECUNIA - 19863

SECUNIA - 19823

SECUNIA - 19821

SECUNIA - 19811

SECUNIA - 19721

SUSE - SUSE-SA:2006:021

SGI - 20060404-01-U

SCO - SCOSA-2006.26

HP - SSRT061236

HP - HPSBUX02122


Last Updated: 27 May 2016 10:42:34