// For flags

CVE-2006-1045

Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-02-28 First Exploit
  • 2006-03-07 CVE Reserved
  • 2006-03-07 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (30)
URL Tag Source
http://secunia.com/advisories/19821 Third Party Advisory
http://secunia.com/advisories/19823 Third Party Advisory
http://secunia.com/advisories/19863 Third Party Advisory
http://secunia.com/advisories/19902 Third Party Advisory
http://secunia.com/advisories/19941 Third Party Advisory
http://secunia.com/advisories/19950 Third Party Advisory
http://secunia.com/advisories/20051 Third Party Advisory
http://secunia.com/advisories/22065 Third Party Advisory
http://securityreason.com/securityalert/514 Third Party Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-26.html X_refsource_confirm
http://www.securityfocus.com/bid/16881 Vdb Entry
http://www.securityfocus.com/bid/17516 Vdb Entry
http://www.vupen.com/english/advisories/2006/1356 Vdb Entry
http://www.vupen.com/english/advisories/2006/3749 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/24959 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975 Signature
URL Date SRC
https://www.exploit-db.com/exploits/27337 2006-02-28
http://www.securityfocus.com/archive/1/426347 2024-08-07
URL Date SRC
URL Date SRC
http://www.debian.org/security/2006/dsa-1046 2018-10-18
http://www.debian.org/security/2006/dsa-1051 2018-10-18
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml 2018-10-18
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml 2018-10-18
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 2018-10-18
http://www.novell.com/linux/security/advisories/2006_04_25.html 2018-10-18
http://www.redhat.com/support/errata/RHSA-2006-0330.html 2018-10-18
http://www.securityfocus.com/archive/1/446657/100/200/threaded 2018-10-18
https://usn.ubuntu.com/276-1 2018-10-18
https://access.redhat.com/security/cve/CVE-2006-1045 2006-04-21
https://bugzilla.redhat.com/show_bug.cgi?id=1618023 2006-04-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
 1.5
Search vendor "Mozilla" for product "Thunderbird" and version "1.5"
-
Affected