CVE-2006-1045

Severity

26%

Complexity

49%

Confidentiality

48%

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N).

Overview

First reported 18 years ago

2006-03-07 11:02:00

Last updated 6 years ago

2018-10-18 16:30:00

Affected Software

Mozilla Thunderbird 1.5

1.5

References

19821

19823

19863

19902

19941

19950

20051

22065

514

DSA-1046

DSA-1051

GLSA-200604-18

GLSA-200605-09

MDKSA-2006:078

http://www.mozilla.org/security/announce/2006/mfsa2006-26.html

SUSE-SA:2006:022

RHSA-2006:0330

20060228 Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

Exploit

SSRT061236

16881

17516

ADV-2006-1356

ADV-2006-3749

thunderbird-inline-information-disclosure(24959)

oval:org.mitre.oval:def:10254

oval:org.mitre.oval:def:1975

USN-276-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.