Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2006-1045

Published: 07/03/2006 Updated: 18/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Mozilla

Vulnerability Summary

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote malicious users to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla thunderbird 1.5

Vendor Advisories

Ubuntu Security Notice: mozilla-thunderbird vulnerabilities
Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables Under some rare circumstances, a malicious mail with embedded JavaScript could exploit this to execute arbitrary code with the privileges of the user (CVE-2006-0292, CVE-2006-1742) ...
Mozilla: Mail Multiple Information Disclosure
Mozilla Foundation Security Advisory 2006-26 Mail Multiple Information Disclosure Announced April 13, 2006 Reporter CrashFr Impact Low Products Thunderbird Fixed in Thunderbird 10 ...

Exploits

Exploit DB: Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities
source: wwwsecurityfocuscom/bid/16881/info Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities These issues are due to the application's failure to properly enforce the restriction for downloading remote content in email messages These issues allow remote attackers to gain access to potentially ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/archive/1/426347http://www.securityfocus.com/bid/16881http://www.mozilla.org/security/announce/2006/mfsa2006-26.htmlhttp://www.securityfocus.com/bid/17516http://secunia.com/advisories/19821http://www.debian.org/security/2006/dsa-1046http://www.gentoo.org/security/en/glsa/glsa-200604-18.xmlhttp://secunia.com/advisories/19823http://secunia.com/advisories/19863http://secunia.com/advisories/19902http://www.debian.org/security/2006/dsa-1051http://secunia.com/advisories/19950http://secunia.com/advisories/19941http://www.gentoo.org/security/en/glsa/glsa-200605-09.xmlhttp://www.redhat.com/support/errata/RHSA-2006-0330.htmlhttp://secunia.com/advisories/20051http://www.mandriva.com/security/advisories?name=MDKSA-2006:078http://secunia.com/advisories/22065http://securityreason.com/securityalert/514http://www.vupen.com/english/advisories/2006/1356http://www.vupen.com/english/advisories/2006/3749http://www.novell.com/linux/security/advisories/2006_04_25.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/24959https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254https://usn.ubuntu.com/276-1/http://www.securityfocus.com/archive/1/446657/100/200/threadedhttps://usn.ubuntu.com/276-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/27337/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook