CVE-2005-0149 — Mozilla vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 21.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Mozilla Thunderbird

Timeline

PublishedFeb 15

Latest updateMay 1

Description

Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/thunderbird6 versions+5

▶NVDmozilla/mozilla4 versions+3

Patches

Patch: www.mozilla.org ↗Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-2x58-77jw-wgpw: Thunderbird 0↗2022-05-01

▶

CVEList

CVE-2005-0149: Thunderbird 0↗2005-01-29

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-01-20

▶

💬Community

Bugzilla

CVE-2005-0149 security flaw↗2018-08-16

▶