ID CVE-2006-1045
Summary The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity NONE
  • Availability NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
oval via4
  • accepted 2013-04-29T04:04:03.703-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
    family unix
    id oval:org.mitre.oval:def:10254
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
    version 23
  • accepted 2011-02-21T04:00:47.609-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
    family windows
    id oval:org.mitre.oval:def:1975
    status accepted
    submitted 2006-05-07T09:05:00.000-04:00
    title Mozilla Mail Multiple Information Disclosure
    version 6
redhat via4
advisories
rhsa
id RHSA-2006:0330
refmap via4
bid
  • 16881
  • 17516
bugtraq 20060228 Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
confirm http://www.mozilla.org/security/announce/2006/mfsa2006-26.html
debian
  • DSA-1046
  • DSA-1051
gentoo
  • GLSA-200604-18
  • GLSA-200605-09
hp
  • HPSBUX02156
  • SSRT061236
mandriva MDKSA-2006:078
secunia
  • 19821
  • 19823
  • 19863
  • 19902
  • 19941
  • 19950
  • 20051
  • 22065
sreason 514
suse SUSE-SA:2006:022
ubuntu USN-276-1
vupen
  • ADV-2006-1356
  • ADV-2006-3749
xf thunderbird-inline-information-disclosure(24959)
Last major update 18-10-2018 - 16:30
Published 07-03-2006 - 11:02