CVE-2006-1045 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-1045
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1045

Description: The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24959 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-276-1 SUSE http://www.novell.com/linux/security/advisories/2006_04_25.html SREASON http://securityreason.com/securityalert/514 SAID Secunia Advisory: SA22065 Secunia Advisory: SA20051 Secunia Advisory: SA19941 Secunia Advisory: SA19823 Secunia Advisory: SA19821 Secunia Advisory: SA19863 Secunia Advisory: SA19902 Secunia Advisory: SA19950 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0330.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1975 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:078 HP http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml DEBIAN http://www.debian.org/security/2006/dsa-1051 http://www.debian.org/security/2006/dsa-1046 CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-26.html BUGTRAQ http://www.securityfocus.com/archive/1/426347 BID 17516 16881

Return to the previous page.