CVE-2006-1045

medium

Description

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

References

https://usn.ubuntu.com/276-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254

https://exchange.xforce.ibmcloud.com/vulnerabilities/24959

http://www.vupen.com/english/advisories/2006/3749

http://www.vupen.com/english/advisories/2006/1356

http://www.securityfocus.com/bid/17516

http://www.securityfocus.com/bid/16881

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.redhat.com/support/errata/RHSA-2006-0330.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.mozilla.org/security/announce/2006/mfsa2006-26.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

http://www.debian.org/security/2006/dsa-1051

http://www.debian.org/security/2006/dsa-1046

http://securityreason.com/securityalert/514

http://secunia.com/advisories/22065

http://secunia.com/advisories/20051

http://secunia.com/advisories/19950

http://secunia.com/advisories/19941

http://secunia.com/advisories/19902

http://secunia.com/advisories/19863

http://secunia.com/advisories/19823

http://secunia.com/advisories/19821

Details

Source: Mitre, NVD

Published: 2006-03-07

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium