CVE-2006-4570

Severity

26%

Complexity

49%

Confidentiality

48%

Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.

Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N).

Overview

Type

Mozilla

First reported 18 years ago

2006-09-15 19:07:00

Last updated 7 years ago

2017-10-11 01:31:00

Affected Software

Mozilla SeaMonkey

Mozilla Thunderbird

References

20060901-01-P

21915

21916

21939

21940

22036

22055

22056

22074

22088

22247

22274

22299

22342

22391

GLSA-200610-01

GLSA-200610-04

1016866

1016867

DSA-1192

MDKSA-2006:169

http://www.mozilla.org/security/announce/2006/mfsa2006-63.html

Vendor Advisory

SUSE-SA:2006:054

RHSA-2006:0676

Patch, Vendor Advisory

RHSA-2006:0677

Patch, Vendor Advisory

20042

USN-350-1

USN-352-1

USN-361-1

DSA-1191

thunderbird-seamonkey-xbl-code-execution(28962)

oval:org.mitre.oval:def:10892

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.