CVE-2006-1045low
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
References
http://secunia.com/advisories/19821
http://secunia.com/advisories/19823
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/19950
http://secunia.com/advisories/20051
http://secunia.com/advisories/22065
http://securityreason.com/securityalert/514
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.mozilla.org/security/announce/2006/mfsa2006-26.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/support/errata/RHSA-2006-0330.html
http://www.securityfocus.com/archive/1/426347
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/bid/16881
http://www.securityfocus.com/bid/17516
http://www.vupen.com/english/advisories/2006/1356
http://www.vupen.com/english/advisories/2006/3749
https://exchange.xforce.ibmcloud.com/vulnerabilities/24959
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975
Details
Source: MITRE
Published: 2006-03-07
Updated: 2018-10-18
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 2.6
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 4.9
Severity: LOW
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 22593 | Debian DSA-1051-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 22588 | Debian DSA-1046-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 21994 | CentOS 4 : thunderbird (CESA-2006:0330) | Nessus | CentOS Local Security Checks | critical |
| 21461 | FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9) | Nessus | FreeBSD Local Security Checks | critical |
| 21351 | GLSA-200605-09 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 21321 | Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1) | Nessus | Ubuntu Local Security Checks | critical |
| 21315 | GLSA-200604-18 : Mozilla Suite: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 21288 | RHEL 4 : thunderbird (RHSA-2006:0330) | Nessus | Red Hat Local Security Checks | critical |
| 21284 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078) | Nessus | Mandriva Local Security Checks | critical |
| 3516 | SeaMonkey < 1.0.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3514 | Mozilla Firefox < 1.7.13 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3513 | Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
| 3512 | Mozilla Firefox < 1.0.8 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 801357 | Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 801226 | Mozilla Browser < 1.7.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801220 | Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |