CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
90.9%
The HTML rendering engine in Mozilla Thunderbird 1.5, when “Block loading of remote images in mail messages” is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | thunderbird | 1.5 | cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:* |
secunia.com/advisories/19821
secunia.com/advisories/19823
secunia.com/advisories/19863
secunia.com/advisories/19902
secunia.com/advisories/19941
secunia.com/advisories/19950
secunia.com/advisories/20051
secunia.com/advisories/22065
securityreason.com/securityalert/514
www.debian.org/security/2006/dsa-1046
www.debian.org/security/2006/dsa-1051
www.gentoo.org/security/en/glsa/glsa-200604-18.xml
www.gentoo.org/security/en/glsa/glsa-200605-09.xml
www.mandriva.com/security/advisories?name=MDKSA-2006:078
www.mozilla.org/security/announce/2006/mfsa2006-26.html
www.novell.com/linux/security/advisories/2006_04_25.html
www.redhat.com/support/errata/RHSA-2006-0330.html
www.securityfocus.com/archive/1/426347
www.securityfocus.com/archive/1/446657/100/200/threaded
www.securityfocus.com/bid/16881
www.securityfocus.com/bid/17516
www.vupen.com/english/advisories/2006/1356
www.vupen.com/english/advisories/2006/3749
exchange.xforce.ibmcloud.com/vulnerabilities/24959
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975
usn.ubuntu.com/276-1/