Rapid7 Vulnerability & Exploit Database

MFSA2006-26 Thunderbird: Mail Multiple Information Disclosure (CVE-2006-1045)

Back to Search

MFSA2006-26 Thunderbird: Mail Multiple Information Disclosure (CVE-2006-1045)

Severity
3
CVSS
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published
03/07/2006
Created
07/25/2018
Added
11/21/2013
Modified
10/05/2018

Description

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

Solution(s)

  • mozilla-thunderbird-upgrade-1_0_8
  • mozilla-thunderbird-upgrade-1_5_0_2

References

  • mozilla-thunderbird-upgrade-1_0_8
  • mozilla-thunderbird-upgrade-1_5_0_2

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;