5.1

CVE-2006-0236

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.1
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.6
MozillaThunderbird Version1.0.7
MozillaThunderbird Version1.5 Updatebeta2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.06% 0.79
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://secunia.com/advisories/15907
Patch
Vendor Advisory
http://secunia.com/secunia_research/2005-22/advisory
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:021
http://www.securityfocus.com/archive/1/422148/100/0/threaded
http://www.securityfocus.com/bid/16271
Patch
http://www.vupen.com/english/advisories/2006/0230
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=300246
https://exchange.xforce.ibmcloud.com/vulnerabilities/24164