Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-0884

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

Published

2006-02-24T22:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	thunderbird	≤ 1.0.7	Yes
Application	mozilla	thunderbird	0.1	Yes
Application	mozilla	thunderbird	0.2	Yes
Application	mozilla	thunderbird	0.3	Yes
Application	mozilla	thunderbird	0.4	Yes
Application	mozilla	thunderbird	0.5	Yes
Application	mozilla	thunderbird	0.6	Yes
Application	mozilla	thunderbird	0.7	Yes
Application	mozilla	thunderbird	0.7.1	Yes
Application	mozilla	thunderbird	0.7.2	Yes
Application	mozilla	thunderbird	0.7.3	Yes
Application	mozilla	thunderbird	0.8	Yes
Application	mozilla	thunderbird	0.9	Yes
Application	mozilla	thunderbird	1.0	Yes
Application	mozilla	thunderbird	1.0.1	Yes
Application	mozilla	thunderbird	1.0.2	Yes
Application	mozilla	thunderbird	1.0.5	Yes
Application	mozilla	thunderbird	1.0.6	Yes

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc ([email protected])
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html ([email protected])
http://secunia.com/advisories/19721 Vendor Advisory ([email protected])
http://secunia.com/advisories/19811 Vendor Advisory ([email protected])
http://secunia.com/advisories/19821 Vendor Advisory ([email protected])
http://secunia.com/advisories/19823 Vendor Advisory ([email protected])
http://secunia.com/advisories/19863 Vendor Advisory ([email protected])
http://secunia.com/advisories/19902 Vendor Advisory ([email protected])
http://secunia.com/advisories/19941 Vendor Advisory ([email protected])
http://secunia.com/advisories/19950 Vendor Advisory ([email protected])
http://secunia.com/advisories/20051 Vendor Advisory ([email protected])
http://secunia.com/advisories/21033 Vendor Advisory ([email protected])
http://secunia.com/advisories/21622 Vendor Advisory ([email protected])
http://secunia.com/advisories/22065 Vendor Advisory ([email protected])
http://securitytracker.com/id?1015665 Exploit ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm ([email protected])
http://www.debian.org/security/2006/dsa-1046 Patch ([email protected])
http://www.debian.org/security/2006/dsa-1051 Patch ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:052 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 ([email protected])
http://www.mozilla.org/security/announce/2006/mfsa2006-21.html Vendor Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2006_04_25.html ([email protected])
http://www.osvdb.org/23653 ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0329.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0330.html ([email protected])
http://www.securityfocus.com/archive/1/425786/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/436296/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/438730/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/438730/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/446657/100/200/threaded ([email protected])
http://www.securityfocus.com/archive/1/446657/100/200/threaded ([email protected])
http://www.securityfocus.com/bid/16770 Exploit, Patch ([email protected])
http://www.vupen.com/english/advisories/2006/3749 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/25983 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10782 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2024 ([email protected])
https://usn.ubuntu.com/276-1/ ([email protected])
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt (af854a3a-2127-422b-91ae-364da2661108)
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc (af854a3a-2127-422b-91ae-364da2661108)
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19721 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19811 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19821 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19823 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19863 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19902 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19941 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19950 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20051 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21033 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21622 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22065 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015665 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1046 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1051 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:052 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2006/mfsa2006-21.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2006_04_25.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/23653 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0329.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0330.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/425786/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/436296/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/438730/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/438730/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/446657/100/200/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/446657/100/200/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16770 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3749 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25983 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10782 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2024 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/276-1/ (af854a3a-2127-422b-91ae-364da2661108)