Lucene search
Mozilla FoundationMFSA2006-21HistoryApr 21, 2006 - 12:00 a.m.
JavaScript execution in mail when forwarding in-line — Mozilla
2006-04-2100:00:00
Mozilla Foundation
www.mozilla.org
20
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.95
Percentile
99.3%
Georgi Guninski reports that forwarding mail in-line while using the default HTML “rich mail” editor will execute JavaScript embedded in the e-mail message. Forwarding mail in-line is not the default setting but it is easily accessed through the “Forward As” menu item.
Affected configurations
Node
mozillamozilla_suiteRange<1.7.13
ORmozillaseamonkeyRange<1.0.1
ORmozillathunderbirdRange<1.0.8
ORmozillathunderbirdRange<1.5.0.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | mozilla_suite | * | cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* |
| mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
Related
checkpoint_advisories
checkpoint_advisories
nessus
nessus
FreeBSD : thunderbird -- javascript execution (61349f77-c620-11da-b2fb-000e0c2e438a)
2006-05-13 00:00:00
Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:052)
2006-03-06 00:00:00
SUSE-SA:2006:021: MozillaFirefox,mozilla
2006-04-26 00:00:00
openvas
openvas
FreeBSD Ports: thunderbird, mozilla-thunderbird
2008-09-04 00:00:00
FreeBSD Ports: thunderbird, mozilla-thunderbird
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2006-0884
2006-02-24 00:00:00
cve
cve
CVE-2006-0884
2006-02-24 22:02:00
debiancve
debiancve
CVE-2006-0884
2006-02-24 22:02:00
cvelist
cvelist
CVE-2006-0884
2006-02-24 22:00:00
prion
prion
Design/Logic Flaw
2006-02-24 22:02:00
freebsd
freebsd
thunderbird -- javascript execution
2006-02-22 00:00:00
exploitdb
exploitdb
Mozilla (Multiple Products) - iFrame JavaScript Execution
2006-02-22 00:00:00
nvd
nvd
CVE-2006-0884
2006-02-24 22:02:00
suse
suse
remote code execution in MozillaFirefox,mozilla
2006-04-20 13:13:08
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
centos
centos
devhelp, mozilla security update
2006-04-18 17:41:36
galeon, mozilla security update
2006-04-18 23:53:59
thunderbird security update
2006-04-21 17:41:34
redhat
redhat
(RHSA-2006:0330) thunderbird security update
2006-04-21 00:00:00
(RHSA-2006:0329) mozilla security update
2006-04-18 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2006-05-08 00:00:00
Mozilla Suite: Multiple vulnerabilities
2006-04-28 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2006-05-03 00:00:00
debian
debian
osv
osv
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.95
Percentile
99.3%
Related for MFSA2006-21