Vulnerability Description
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass JavaScript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript: URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Thunderbird | <= 1.0.7 |
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
- ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19721 (Vendor Advisory)
- http://secunia.com/advisories/19811 (Vendor Advisory)
- http://secunia.com/advisories/19821 (Vendor Advisory)
- http://secunia.com/advisories/19823 (Vendor Advisory)
- http://secunia.com/advisories/19863 (Vendor Advisory)
- http://secunia.com/advisories/19902 (Vendor Advisory)
- http://secunia.com/advisories/19941 (Vendor Advisory)
- http://secunia.com/advisories/19950 (Vendor Advisory)
- http://secunia.com/advisories/20051 (Vendor Advisory)
- http://secunia.com/advisories/21033 (Vendor Advisory)
- http://secunia.com/advisories/21622 (Vendor Advisory)
- http://secunia.com/advisories/22065 (Vendor Advisory)
FAQ
What is CVE-2006-0884?
CVE-2006-0884 is a vulnerability with a CVSS score of 9.3 (HIGH). The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass JavaScript security settings and obtain sensitive information or cau...
How severe is CVE-2006-0884?
CVE-2006-0884 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0884?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Thunderbird.