CVE-2006-0884 — Vulnetix

Try Vulnetix Request Demo

CVE-2006-0884 PUBLISHED CVSS 9.300000190734863 CRITICAL

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

EPSS 36.00% · 97.1th percentile

Risk Scores

CVSS v2.0

9.300000190734863

EPSS Score

36.00%

97.1th percentile

Affected Products

Vendor	Product	Versions
mozilla	thunderbird	1.0.6, 0, 0.1
n/a	n/a	n/a

Timeline

Feb 24, 2006 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 3, 2022 CVE Updated
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

http://www.debian.org/security/2006/dsa-1046 patch
http://www.debian.org/security/2006/dsa-1051 patch
RHSA-2006:0330 vendor-advisory
oval:org.mitre.oval:def:2024 vdb
19902 third-party-advisory
20060404-01-U vendor-advisory
USN-276-1 vendor-advisory
HPSBUX02122 vendor-advisory
1015665 vdb
19941 third-party-advisory
19821 third-party-advisory
MDKSA-2006:052 vendor-advisory
21622 third-party-advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm url
19823 third-party-advisory
ADV-2006-3749 vdb
RHSA-2006:0329 vendor-advisory
GLSA-200604-18 vendor-advisory
19811 third-party-advisory
21033 third-party-advisory

…and 23 more

Open in Interactive Console →