CVE-2006-0884 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-0884
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0884

Description: The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25983 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-276-1 SUSE http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://www.novell.com/linux/security/advisories/2006_04_25.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 ST 1015665 SGI SCO SAID Secunia Advisory: SA21622 Secunia Advisory: SA21033 Secunia Advisory: SA19721 Secunia Advisory: SA19941 Secunia Advisory: SA19950 Secunia Advisory: SA19902 Secunia Advisory: SA19811 Secunia Advisory: SA19823 Secunia Advisory: SA19863 Secunia Advisory: SA19821 Secunia Advisory: SA20051 Secunia Advisory: SA22065 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0330.html http://www.redhat.com/support/errata/RHSA-2006-0329.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2024 OSVDB 23653 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 http://www.mandriva.com/security/advisories?name=MDKSA-2006:076 http://www.mandriva.com/security/advisories?name=MDKSA-2006:052 HP http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml FEDORA http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded DEBIAN http://www.debian.org/security/2006/dsa-1046 http://www.debian.org/security/2006/dsa-1051 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.mozilla.org/security/announce/2006/mfsa2006-21.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/425786/100/0/threaded BID 16770

Return to the previous page.