CVE

CVE-2006-0884
Date: (C)2006-02-24   (M)2023-12-22


The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1015665
SUNALERT-102550
BID-16770
SECUNIA-19721
SECUNIA-19811
SECUNIA-19821
SECUNIA-19823
SECUNIA-19863
SECUNIA-19902
SECUNIA-19941
SECUNIA-19950
SECUNIA-20051
http://www.securityfocus.com/archive/1/425786/100/0/threaded
20060404-01-U
SECUNIA-21033
SECUNIA-21622
SECUNIA-22065
SUNALERT-228526
OSVDB-23653
ADV-2006-3749
DSA-1046
DSA-1051
FLSA:189137-1
GLSA-200604-18
GLSA-200605-09
HPSBUX02122
MDKSA-2006:052
MDKSA-2006:076
MDKSA-2006:078
RHSA-2006:0329
RHSA-2006:0330
SCOSA-2006.26
SSRT061236
SUSE-SA:2006:021
SUSE-SA:2006:022
USN-276-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.mozilla.org/security/announce/2006/mfsa2006-21.html
mozilla-inline-fwd-code-execution(25983)
oval:org.mitre.oval:def:10782
oval:org.mitre.oval:def:2024

CPE    18
cpe:/a:mozilla:thunderbird:0.7.3
cpe:/a:mozilla:thunderbird:0.7.2
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:thunderbird:1.0
...
CWE    1
CWE-20
OVAL    1
oval:org.mitre.oval:def:2024

© SecPod Technologies