CVE-2006-0884

high

Description

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

http://secunia.com/advisories/19721

http://secunia.com/advisories/19811

http://secunia.com/advisories/19821

http://secunia.com/advisories/19823

http://secunia.com/advisories/19863

http://secunia.com/advisories/19902

http://secunia.com/advisories/19941

http://secunia.com/advisories/19950

http://secunia.com/advisories/20051

http://secunia.com/advisories/21033

http://secunia.com/advisories/21622

http://secunia.com/advisories/22065

http://securitytracker.com/id?1015665

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

http://www.debian.org/security/2006/dsa-1046

http://www.debian.org/security/2006/dsa-1051

http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:052

http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

http://www.mozilla.org/security/announce/2006/mfsa2006-21.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.osvdb.org/23653

http://www.redhat.com/support/errata/RHSA-2006-0329.html

http://www.redhat.com/support/errata/RHSA-2006-0330.html

http://www.securityfocus.com/archive/1/425786/100/0/threaded

http://www.securityfocus.com/archive/1/436296/100/0/threaded

http://www.securityfocus.com/archive/1/438730/100/0/threaded

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/bid/16770

http://www.vupen.com/english/advisories/2006/3749

https://exchange.xforce.ibmcloud.com/vulnerabilities/25983

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10782

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2024

https://usn.ubuntu.com/276-1/

Details

Source: MITRE

Published: 2006-02-24

Updated: 2018-10-18

Type: CWE-20

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 24403 | Solaris 9 (sparc) : 120671-08 | Nessus | Solaris Local Security Checks | critical |
| 24395 | Solaris 8 (sparc) : 120671-08 | Nessus | Solaris Local Security Checks | critical |
| 23773 | Solaris 9 (x86) : 120672-08 | Nessus | Solaris Local Security Checks | critical |
| 23772 | Solaris 8 (x86) : 120672-08 | Nessus | Solaris Local Security Checks | critical |
| 22987 | Solaris 10 (x86) : 119116-35 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 22954 | Solaris 10 (sparc) : 119115-36 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 22593 | Debian DSA-1051-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 22588 | Debian DSA-1046-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 21994 | CentOS 4 : thunderbird (CESA-2006:0330) | Nessus | CentOS Local Security Checks | critical |
| 21898 | CentOS 3 / 4 : mozilla (CESA-2006:0329) | Nessus | CentOS Local Security Checks | critical |
| 21440 | FreeBSD : thunderbird -- javascript execution (61349f77-c620-11da-b2fb-000e0c2e438a) | Nessus | FreeBSD Local Security Checks | high |
| 21351 | GLSA-200605-09 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 21321 | Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1) | Nessus | Ubuntu Local Security Checks | critical |
| 21315 | GLSA-200604-18 : Mozilla Suite: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 21288 | RHEL 4 : thunderbird (RHSA-2006:0330) | Nessus | Red Hat Local Security Checks | critical |
| 21284 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078) | Nessus | Mandriva Local Security Checks | critical |
| 21257 | RHEL 2.1 / 3 / 4 : mozilla (RHSA-2006:0329) | Nessus | Red Hat Local Security Checks | critical |
| 21226 | SeaMonkey < 1.0.1 Multiple Vulnerabilities | Nessus | Windows | high |
| 21004 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:052) | Nessus | Mandriva Local Security Checks | high |
| 3258 | Mozilla Thunderbird < 1.5 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |