AI Score: 6.8 Medium (Confidence: Low)
CVSS2: 7.1 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS: 0.799 High (Percentile: 98.3%)

Georgi Guninski and David Bienvenu discovered that long Content-Type and
RFC2047-encoded headers were vulnerable to heap overflows. By tricking
the user into opening a specially crafted email, an attacker could
execute arbitrary code with user privileges. (CVE-2006-6506)

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges or bypass internal XSS protections
by tricking the user into opening a malicious email containing
JavaScript. Please note that JavaScript is disabled by default for
emails, and it is not recommended to enable it. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6503)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 6.10 | noarch | mozilla-thunderbird | < 1.5.0.9-0ubuntu0.6.10 | UNKNOWN |
Ubuntu | 6.10 | noarch | mozilla-thunderbird-dev | < 1.5.0.9-0ubuntu0.6.10 | UNKNOWN |
Ubuntu | 6.06 | noarch | mozilla-thunderbird | < 1.5.0.9-0ubuntu0.6.06 | UNKNOWN |
Ubuntu | 6.06 | noarch | mozilla-thunderbird-dev | < 1.5.0.9-0ubuntu0.6.06 | UNKNOWN |
Ubuntu | 5.10 | noarch | mozilla-thunderbird | < 1.5.0.9-0ubuntu0.5.10 | UNKNOWN |
Ubuntu | 5.10 | noarch | mozilla-thunderbird-dev | < 1.5.0.9-0ubuntu0.5.10 | UNKNOWN |