CVE-2006-1045

LOW

Description

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

References

http://secunia.com/advisories/19821

http://secunia.com/advisories/19823

http://secunia.com/advisories/19863

http://secunia.com/advisories/19902

http://secunia.com/advisories/19941

http://secunia.com/advisories/19950

http://secunia.com/advisories/20051

http://secunia.com/advisories/22065

http://securityreason.com/securityalert/514

http://www.debian.org/security/2006/dsa-1046

http://www.debian.org/security/2006/dsa-1051

http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

http://www.mozilla.org/security/announce/2006/mfsa2006-26.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2006-0330.html

http://www.securityfocus.com/archive/1/426347

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/bid/16881

http://www.securityfocus.com/bid/17516

http://www.vupen.com/english/advisories/2006/1356

http://www.vupen.com/english/advisories/2006/3749

https://exchange.xforce.ibmcloud.com/vulnerabilities/24959

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975

https://usn.ubuntu.com/276-1/

Details

Source: MITRE

Published: 2006-03-07

Updated: 2018-10-18

Risk Information

CVSS v2.0

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW