Vulnerability Description
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Thunderbird | 1.5 |
References
- http://secunia.com/advisories/19821
- http://secunia.com/advisories/19823
- http://secunia.com/advisories/19863
- http://secunia.com/advisories/19902
- http://secunia.com/advisories/19941
- http://secunia.com/advisories/19950
- http://secunia.com/advisories/20051
- http://secunia.com/advisories/22065
- http://securityreason.com/securityalert/514
- http://www.debian.org/security/2006/dsa-1046
- http://www.debian.org/security/2006/dsa-1051
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
- http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
- http://www.mozilla.org/security/announce/2006/mfsa2006-26.html
FAQ
What is CVE-2006-1045?
CVE-2006-1045 is a vulnerability with a CVSS score of 2.6 (LOW). The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which cou...
How severe is CVE-2006-1045?
CVE-2006-1045 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1045?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Thunderbird.