FKIE_CVE-2006-1045

Vulnerability from fkie_nvd - Published: 2006-03-07 11:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
References
cve@mitre.orghttp://secunia.com/advisories/19821
cve@mitre.orghttp://secunia.com/advisories/19823
cve@mitre.orghttp://secunia.com/advisories/19863
cve@mitre.orghttp://secunia.com/advisories/19902
cve@mitre.orghttp://secunia.com/advisories/19941
cve@mitre.orghttp://secunia.com/advisories/19950
cve@mitre.orghttp://secunia.com/advisories/20051
cve@mitre.orghttp://secunia.com/advisories/22065
cve@mitre.orghttp://securityreason.com/securityalert/514
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1046
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1051
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:078
cve@mitre.orghttp://www.mozilla.org/security/announce/2006/mfsa2006-26.html
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_04_25.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0330.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/426347Exploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/446657/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/16881
cve@mitre.orghttp://www.securityfocus.com/bid/17516
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/1356
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3749
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/24959
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975
cve@mitre.orghttps://usn.ubuntu.com/276-1/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19821
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19823
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19863
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19902
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19941
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19950
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20051
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22065
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/514
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1046
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1051
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2006/mfsa2006-26.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0330.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/426347Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446657/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16881
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/17516
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1356
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3749
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24959
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/276-1/
Impacted products
Vendor Product Version
mozilla thunderbird 1.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB87608-0DF8-4729-95C5-CFA386AB3AC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTML rendering engine in Mozilla Thunderbird 1.5, when \"Block loading of remote images in mail messages\" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed."
    }
  ],
  "id": "CVE-2006-1045",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-03-07T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19821"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19823"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19863"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19902"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19941"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19950"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20051"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22065"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/514"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1046"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1051"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-26.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/426347"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16881"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17516"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1356"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3749"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24959"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/276-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-26.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/426347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/276-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.