FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-0884

This CVE name corresponds to:

Entered	Topic
2006-04-07	thunderbird -- javascript execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-0884 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2006-0884
Phase	Assigned(20060224)

Description

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

References

Source	Reference
BUGTRAQ	20060222 Mozilla Thunderbird : Remote Code Execution & Denial of Service
CONFIRM	http://www.mozilla.org/security/announce/2006/mfsa2006-21.html
CONFIRM	http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
DEBIAN	DSA-1046
DEBIAN	DSA-1051
FEDORA	FLSA:189137-1
GENTOO	GLSA-200604-18
GENTOO	GLSA-200605-09
HP	HPSBUX02122
HP	SSRT061158
HP	HPSBUX02156
HP	SSRT061236
MANDRIVA	MDKSA-2006:052
MANDRIVA	MDKSA-2006:076
MANDRIVA	MDKSA-2006:078
REDHAT	RHSA-2006:0329
REDHAT	RHSA-2006:0330
SCO	SCOSA-2006.26
SGI	20060404-01-U
SUNALERT	102550
SUNALERT	228526
SUSE	SUSE-SA:2006:022
SUSE	SUSE-SA:2006:021
SUSE	SUSE-SA:2006:004
UBUNTU	USN-276-1
BID	16770
OVAL	oval:org.mitre.oval:def:10782
VUPEN	ADV-2006-3749
OSVDB	23653
OVAL	oval:org.mitre.oval:def:2024
SECTRACK	1015665
SECUNIA	19821
SECUNIA	19811
SECUNIA	19823
SECUNIA	19863
SECUNIA	19902
SECUNIA	19950
SECUNIA	19941
SECUNIA	19721
SECUNIA	21033
SECUNIA	21622
SECUNIA	20051
SECUNIA	22065
XF	mozilla-inline-fwd-code-execution(25983)