CVE-2006-0884

Mozilla Thunderbird < 1.0.7 - Improper Input Validation

Description

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass JavaScript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Georgi Guninski · htmldoslinux
https://www.exploit-db.com/exploits/27257

Scores

EPSS 0.3600
EPSS Percentile 97.1%

Details

CWE
CWE-20
Status published
Products (18)
mozilla/thunderbird 0.1
mozilla/thunderbird 0.2
mozilla/thunderbird 0.3
mozilla/thunderbird 0.4
mozilla/thunderbird 0.5
mozilla/thunderbird 0.6
mozilla/thunderbird 0.7
mozilla/thunderbird 0.7.1
mozilla/thunderbird 0.7.2
mozilla/thunderbird 0.7.3
... and 8 more
Published Feb 24, 2006
Tracked Since Feb 18, 2026