CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.4%
Georgi Guninski and David Bienvenu discovered that long Content-Type and
RFC2047-encoded headers we vulnerable to heap overflows. By tricking
the user into opening a specially crafted email, an attacker could
execute arbitrary code with user privileges. (CVE-2006-6506)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges or bypass internal XSS protections
by tricking the user into opening a malicious email containing
JavaScript. Please note that JavaScript is disabled by default for
emails, and it is not recommended to enable it. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6503)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 6.10 | noarch | mozilla-thunderbird | < 1.5.0.9-0ubuntu0.6.10 | UNKNOWN |
Ubuntu | 6.10 | noarch | mozilla-thunderbird-dev | < 1.5.0.9-0ubuntu0.6.10 | UNKNOWN |
Ubuntu | 6.06 | noarch | mozilla-thunderbird | < 1.5.0.9-0ubuntu0.6.06 | UNKNOWN |
Ubuntu | 6.06 | noarch | mozilla-thunderbird-dev | < 1.5.0.9-0ubuntu0.6.06 | UNKNOWN |
Ubuntu | 5.10 | noarch | mozilla-thunderbird | < 1.5.0.9-0ubuntu0.5.10 | UNKNOWN |
Ubuntu | 5.10 | noarch | mozilla-thunderbird-dev | < 1.5.0.9-0ubuntu0.5.10 | UNKNOWN |