7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.967 High
EPSS
Percentile
99.5%
Mozilla Thunderbird is a standalone mail and newsgroup client.
A bug was found in the way Thunderbird handled anonymous functions during
regular expression string replacement. It is possible for a malicious HTML
mail to capture a random block of client memory. The Common
Vulnerabilities and Exposures project has assigned this bug the name
CAN-2005-0989.
A bug was found in the way Thunderbird validated several XPInstall related
JavaScript objects. A malicious HTML mail could pass other objects to the
XPInstall objects, resulting in the JavaScript interpreter jumping to
arbitrary locations in memory. (CAN-2005-1159)
A bug was found in the way the Thunderbird privileged UI code handled DOM
nodes from the content window. An HTML message could install malicious
JavaScript code or steal data when a user performs commonplace actions such
as clicking a link or opening the context menu. (CAN-2005-1160)
A bug was found in the way Thunderbird executed JavaScript code. JavaScript
executed from HTML mail should run with a restricted access level,
preventing dangerous actions. It is possible that a malicious HTML mail
could execute JavaScript code with elevated privileges, allowing access to
protected data and functions. (CAN-2005-1532)
A bug was found in the way Thunderbird executed Javascript in XBL controls.
It is possible for a malicious HTML mail to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)
A bug was found in the way Thunderbird handled certain Javascript
functions. It is possible for a malicious HTML mail to crash the client by
executing malformed Javascript code. (CAN-2005-2265)
A bug was found in the way Thunderbird handled child frames. It is possible
for a malicious framed HTML mail to steal sensitive information from its
parent frame. (CAN-2005-2266)
A bug was found in the way Thunderbird handled DOM node names. It is
possible for a malicious HTML mail to overwrite a DOM node name, allowing
certain privileged chrome actions to execute the malicious JavaScript.
(CAN-2005-2269)
A bug was found in the way Thunderbird cloned base objects. It is possible
for HTML content to navigate up the prototype chain to gain access to
privileged chrome objects. (CAN-2005-2270)
Users of Thunderbird are advised to upgrade to this updated package that
contains Thunderbird version 1.0.6 and is not vulnerable to these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc | thunderbird | < 1.0.6-1.4.1 | thunderbird-1.0.6-1.4.1.ppc.rpm |
RedHat | any | x86_64 | thunderbird | < 1.0.6-1.4.1 | thunderbird-1.0.6-1.4.1.x86_64.rpm |
RedHat | any | s390x | thunderbird | < 1.0.6-1.4.1 | thunderbird-1.0.6-1.4.1.s390x.rpm |
RedHat | any | i386 | thunderbird | < 1.0.6-1.4.1 | thunderbird-1.0.6-1.4.1.i386.rpm |
RedHat | any | s390 | thunderbird | < 1.0.6-1.4.1 | thunderbird-1.0.6-1.4.1.s390.rpm |
RedHat | any | src | thunderbird | < 1.0.6-1.4.1 | thunderbird-1.0.6-1.4.1.src.rpm |
RedHat | any | ia64 | thunderbird | < 1.0.6-1.4.1 | thunderbird-1.0.6-1.4.1.ia64.rpm |