Release Date | Oct 19, 2006 |
Severity | low |
Impact | Successful exploitation may lead to information disclosure (application version, platform, user emails, user preferences, ...) or could crash the application. |
Description | The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass JavaScript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. |
Affected Products | Mozilla Thunderbird 1.0.7 and earlier |
Recommended Actions | Upgrade to version 1.5. Download page: http://www.mozilla.com/thunderbird/all.html Direct link: http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/1.5/ |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2006-0884 |
Reference/s | http://www.securityfocus.com/bid/16770 (BugTraq) |
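
A mail-gateway style check for the pattern the description names, given here as an added example that is not part of the original advisory: it walks a message's text/html parts and reports IFRAME tags whose SRC resolves to the javascript: scheme. The function names and the sample message are constructed for illustration, and the scheme normalisation follows the WHATWG URL parsing rules as an assumption.

```python
import email
from email import policy
from html.parser import HTMLParser

# Assumption: normalise the way the WHATWG URL parser does (drop leading C0
# controls/space, drop tab/CR/LF anywhere) so split schemes are still matched.
_LEADING = "".join(chr(c) for c in range(0x21))


def uri_scheme(url):
    """Return the lower-cased scheme of url, or "" if it has none."""
    cleaned = url.lstrip(_LEADING)
    for ch in "\t\r\n":
        cleaned = cleaned.replace(ch, "")
    head, sep, _ = cleaned.partition(":")
    return head.lower() if sep else ""


class _IframeScanner(HTMLParser):
    """Collects SRC values of IFRAME tags that use the javascript: scheme."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes character references.
        if tag == "iframe":
            self.hits += [v for k, v in attrs
                          if k == "src" and v and uri_scheme(v) == "javascript"]


def javascript_iframes(raw_message):
    """Scan every text/html part of an RFC 5322 message given as bytes."""
    hits = []
    for part in email.message_from_bytes(raw_message, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            scanner = _IframeScanner()
            scanner.feed(part.get_content())
            scanner.close()
            hits += scanner.hits
    return hits


# Constructed sample message, not taken from the advisory.
SAMPLE = (
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n\r\n"
    b'<IFRAME SRC=" &#106;ava\tscript:void(0)"></IFRAME>'
    b'<iframe src="https://example.test/frame"></iframe>\r\n'
)
```

Calling `javascript_iframes(SAMPLE)` returns the single offending SRC value; the https frame in the same message is not reported.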