CVE-2006-0236
https://notcve.org/view.php?id=CVE-2006-0236
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. • http://secunia.com/advisories/15907 http://secunia.com/secunia_research/2005-22/advisory http://www.mandriva.com/security/advisories?name=MDKSA-2006:021 http://www.securityfocus.com/archive/1/422148/100/0/threaded http://www.securityfocus.com/bid/16271 http://www.vupen.com/english/advisories/2006/0230 https://bugzilla.mozilla.org/show_bug.cgi?id=300246 https://exchange.xforce.ibmcloud.com/vulnerabilities/24164 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2005-4809 – Mozilla Suite/Firefox/Thunderbird - Nested Anchor Tag Status Bar Spoofing
https://notcve.org/view.php?id=CVE-2005-4809
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. • https://www.exploit-db.com/exploits/25221 http://marc.info/?l=full-disclosure&m=111073068631287&w=2 http://secunia.com/advisories/14568 http://securitytracker.com/id?1013423 http://www.osvdb.org/14885 http://www.securityfocus.com/bid/12798 http://www.vupen.com/english/advisories/2005/0260 https://exchange.xforce.ibmcloud.com/vulnerabilities/19540 •
CVE-2005-3402
https://notcve.org/view.php?id=CVE-2005-3402
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication. • http://marc.info/?l=bugtraq&m=113028017608146&w=2 http://marc.info/?l=bugtraq&m=113034421329653&w=2 http://www.securityfocus.com/bid/15106 https://bugzilla.mozilla.org/show_bug.cgi?id=311657 •
CVE-2005-2602
https://notcve.org/view.php?id=CVE-2005-2602
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allow remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. • http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1682 http://www.securityfocus.com/archive/1/407704 http://www.securityfocus.com/bid/14526 •
CVE-2005-2353
https://notcve.org/view.php?id=CVE-2005-2353
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. • http://secunia.com/advisories/19863 http://secunia.com/advisories/19941 http://www.debian.org/security/2006/dsa-1046 http://www.debian.org/security/2006/dsa-1051 http://www.mandriva.com/security/advisories?name=MDKSA-2005:173 http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 http://www.securityfocus.com/bid/14443 https://usn.ubuntu.com/157-1 •