fkie_cve-2006-1045
Vulnerability from fkie_nvd
Published
2006-03-07 11:02
Modified
2024-11-21 00:07
Severity ?
Summary
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
References
cve@mitre.orghttp://secunia.com/advisories/19821
cve@mitre.orghttp://secunia.com/advisories/19823
cve@mitre.orghttp://secunia.com/advisories/19863
cve@mitre.orghttp://secunia.com/advisories/19902
cve@mitre.orghttp://secunia.com/advisories/19941
cve@mitre.orghttp://secunia.com/advisories/19950
cve@mitre.orghttp://secunia.com/advisories/20051
cve@mitre.orghttp://secunia.com/advisories/22065
cve@mitre.orghttp://securityreason.com/securityalert/514
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1046
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1051
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:078
cve@mitre.orghttp://www.mozilla.org/security/announce/2006/mfsa2006-26.html
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_04_25.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0330.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/426347Exploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/446657/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/446657/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/16881
cve@mitre.orghttp://www.securityfocus.com/bid/17516
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/1356
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3749
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/24959
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975
cve@mitre.orghttps://usn.ubuntu.com/276-1/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19821
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19863
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19902
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19941
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19950
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20051
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22065
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/514
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1046
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1051
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2006/mfsa2006-26.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0330.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/426347Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446657/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446657/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16881
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/17516
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1356
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3749
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24959
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/276-1/
Impacted products
Vendor Product Version
mozilla thunderbird 1.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB87608-0DF8-4729-95C5-CFA386AB3AC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTML rendering engine in Mozilla Thunderbird 1.5, when \"Block loading of remote images in mail messages\" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed."
    }
  ],
  "id": "CVE-2006-1045",
  "lastModified": "2024-11-21T00:07:57.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-03-07T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19821"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19823"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19863"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19902"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19941"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19950"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20051"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22065"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/514"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1046"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1051"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-26.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/426347"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16881"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17516"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1356"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3749"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24959"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/276-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-26.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/426347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/276-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.