CVE - CVE-2006-1045

CVE-ID
CVE-2006-1045	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:16881 URL:http://www.securityfocus.com/bid/16881 BID:17516 URL:http://www.securityfocus.com/bid/17516 BUGTRAQ:20060228 Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities URL:http://www.securityfocus.com/archive/1/426347 CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-26.html DEBIAN:DSA-1046 URL:http://www.debian.org/security/2006/dsa-1046 DEBIAN:DSA-1051 URL:http://www.debian.org/security/2006/dsa-1051 GENTOO:GLSA-200604-18 URL:http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml GENTOO:GLSA-200605-09 URL:http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml HP:HPSBUX02156 URL:http://www.securityfocus.com/archive/1/446657/100/200/threaded HP:SSRT061236 URL:http://www.securityfocus.com/archive/1/446657/100/200/threaded MANDRIVA:MDKSA-2006:078 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:078~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10254 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10254 OVAL:oval:org.mitre.oval:def:1975 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1975 REDHAT:RHSA-2006:0330 URL:http://www.redhat.com/support/errata/RHSA-2006-0330.html SECUNIA:19821 URL:http://secunia.com/advisories/19821 SECUNIA:19823 URL:http://secunia.com/advisories/19823 SECUNIA:19863 URL:http://secunia.com/advisories/19863 SECUNIA:19902 URL:http://secunia.com/advisories/19902 SECUNIA:19941 URL:http://secunia.com/advisories/19941 SECUNIA:19950 URL:http://secunia.com/advisories/19950 SECUNIA:20051 URL:http://secunia.com/advisories/20051 SECUNIA:22065 URL:http://secunia.com/advisories/22065 SREASON:514 URL:http://securityreason.com/securityalert/514 SUSE:SUSE-SA:2006:022 URL:http://www.novell.com/linux/security/advisories/2006_04_25.html UBUNTU:USN-276-1 URL:https://usn.ubuntu.com/276-1/ VUPEN:ADV-2006-1356 URL:~~http://www.vupen.com/english/advisories/2006/1356~~ (Obsolete source) VUPEN:ADV-2006-3749 URL:~~http://www.vupen.com/english/advisories/2006/3749~~ (Obsolete source) XF:thunderbird-inline-information-disclosure(24959) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24959
Assigning CNA
MITRE Corporation
Date Record Created
20060307	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060307)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)