Vulnerability Description
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | <= 5.10 |
| Enigmail | Enigmail | <= 0.92.0 |
References
- http://bugzilla.mozdev.org/show_bug.cgi?id=9730
- http://enigmail.mozdev.org/changelog.html#enig0.94.2
- http://www.securityfocus.com/bid/22684
- http://www.ubuntu.com/usn/usn-427-1 (Patch)
FAQ
What is CVE-2006-5877?
CVE-2006-5877 is a vulnerability with a CVSS score of 7.8 (HIGH). The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla...
How severe is CVE-2006-5877?
CVE-2006-5877 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5877?
Check the references section above for vendor advisories and patch information. Affected products include: Ubuntu Ubuntu Linux, Enigmail Enigmail.