CVE-2006-1045

LOW

Description

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

References

http://secunia.com/advisories/19821

http://secunia.com/advisories/19823

http://secunia.com/advisories/19863

http://secunia.com/advisories/19902

http://secunia.com/advisories/19941

http://secunia.com/advisories/19950

http://secunia.com/advisories/20051

http://secunia.com/advisories/22065

http://securityreason.com/securityalert/514

http://www.debian.org/security/2006/dsa-1046

http://www.debian.org/security/2006/dsa-1051

http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

http://www.mozilla.org/security/announce/2006/mfsa2006-26.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2006-0330.html

http://www.securityfocus.com/archive/1/426347

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/bid/16881

http://www.securityfocus.com/bid/17516

http://www.vupen.com/english/advisories/2006/1356

http://www.vupen.com/english/advisories/2006/3749

https://exchange.xforce.ibmcloud.com/vulnerabilities/24959

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975

https://usn.ubuntu.com/276-1/

Details

Source: MITRE

Published: 2006-03-07

Updated: 2018-10-18

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 2.6

Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Tenable Plugins

View all (16 total)

ID	Name	Product	Family	Severity
22593	Debian DSA-1051-1 : mozilla-thunderbird - several vulnerabilities	Nessus	Debian Local Security Checks	critical
22588	Debian DSA-1046-1 : mozilla - several vulnerabilities	Nessus	Debian Local Security Checks	critical
21994	CentOS 4 : thunderbird (CESA-2006:0330)	Nessus	CentOS Local Security Checks	critical
21461	FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9)	Nessus	FreeBSD Local Security Checks	critical
21351	GLSA-200605-09 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
21321	Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1)	Nessus	Ubuntu Local Security Checks	critical
21315	GLSA-200604-18 : Mozilla Suite: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
21288	RHEL 4 : thunderbird (RHSA-2006:0330)	Nessus	Red Hat Local Security Checks	critical
21284	Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078)	Nessus	Mandriva Local Security Checks	critical
3516	SeaMonkey < 1.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3514	Mozilla Firefox < 1.7.13 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3513	Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	SMTP Clients	medium
3512	Mozilla Firefox < 1.0.8 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
801357	Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801226	Mozilla Browser < 1.7.13 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801220	Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high