9.3

CVE-2006-0884

Exploit
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaThunderbird Version <= 1.0.7
MozillaThunderbird Version0.1
MozillaThunderbird Version0.2
MozillaThunderbird Version0.3
MozillaThunderbird Version0.4
MozillaThunderbird Version0.5
MozillaThunderbird Version0.6
MozillaThunderbird Version0.7
MozillaThunderbird Version0.7.1
MozillaThunderbird Version0.7.2
MozillaThunderbird Version0.7.3
MozillaThunderbird Version0.8
MozillaThunderbird Version0.9
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.1
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.07% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/19823
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://secunia.com/advisories/19863
Vendor Advisory
http://secunia.com/advisories/19941
Vendor Advisory
http://www.debian.org/security/2006/dsa-1046
Patch
http://www.debian.org/security/2006/dsa-1051
Patch
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
http://secunia.com/advisories/19902
Vendor Advisory
http://secunia.com/advisories/21033
Vendor Advisory
http://secunia.com/advisories/21622
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.securityfocus.com/archive/1/438730/100/0/threaded
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://secunia.com/advisories/19811
Vendor Advisory
http://secunia.com/advisories/19821
Vendor Advisory
http://secunia.com/advisories/19950
Vendor Advisory
http://secunia.com/advisories/20051
Vendor Advisory
http://secunia.com/advisories/22065
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.redhat.com/support/errata/RHSA-2006-0330.html
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.vupen.com/english/advisories/2006/3749
Vendor Advisory
https://usn.ubuntu.com/276-1/
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19721
Vendor Advisory
http://securitytracker.com/id?1015665
Exploit
http://www.mandriva.com/security/advisories?name=MDKSA-2006:052
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mozilla.org/security/announce/2006/mfsa2006-21.html
Vendor Advisory
http://www.osvdb.org/23653
http://www.redhat.com/support/errata/RHSA-2006-0329.html
http://www.securityfocus.com/archive/1/425786/100/0/threaded
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/bid/16770
Patch
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/25983
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2024