Debian Security Bug TrackerDEBIANCVE:CVE-2006-0884CVE-2006-0884
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.952 High
EPSS
Percentile
99.3%
The WYSIWYG rendering engine (“rich mail” editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 1.5.dfsg+1.5.0.2-1 | firefox_1.5.dfsg+1.5.0.2-1_all.deb |
| Debian | 12 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
| Debian | 11 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
| Debian | 10 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
| Debian | 999 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
| Debian | 13 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.952 High
EPSS
Percentile
99.3%