CVE-2004-2226 — Mozilla Thunderbird vulnerability

2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 39.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird

Timeline

PublishedDec 31

Latest updateApr 29

Description

Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/thunderbird0.8, 1.7.1, 1.7.3+2

Patches

Patch: secunia.com ↗Patch: www.osvdb.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-f2c7-j9r7-mm93: Mozilla Mail 1↗2022-04-29

▶