CVE-2006-0884
published 2006-02-24CVE-2006-0884: The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security…
PriorityP336critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.07%
93.4th percentile
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 1.5.dfsg+1.5.0.2-1 (sid) | firefox 1.5.dfsg+1.5.0.2-1 (sid) |
| debian | thunderbird | < firefox 1.5.dfsg+1.5.0.2-1 (sid) | firefox 1.5.dfsg+1.5.0.2-1 (sid) |
| mozilla | thunderbird | <= 1.0.7 | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
vendor_redhat9.3CRITICAL
vendor_ubuntu7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f48c-g7r5-vhv8: The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1
ghsa_unreviewed·2022-05-03
CVE-2006-0884 [HIGH] CWE-20 GHSA-f48c-g7r5-vhv8: The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
OSV
CVE-2006-0884: The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1
osv·2006-02-24·CVSS 9.3
CVE-2006-0884 [CRITICAL] CVE-2006-0884: The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2006-05-03·CVSS 7.5
CVE-2006-1742 [HIGH] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
Igor Bukanov discovered that the JavaScript engine did not properly
declare some temporary variables. Under some rare circumstances, a
malicious mail with embedded JavaScript could exploit this to execute
arbitrary code with the privileges of the user. (CVE-2006-0292,
CVE-2006-1742)
The function XULDocument.persist() did not sufficiently validate the
names of attributes. An attacker could exploit this to inject
arbitrary XML code into the file 'localstore.rdf', which is read and
evaluated at startup. This could include JavaScript commands that
would be run with the user's privileges. (CVE-2006-0296)
Due to a flaw in the HTML tag parser a specific sequence of HTML tags
caused memory corruption. A malicious HTML emai
Red Hat
security flaw
vendor_redhat·2006-04-21·CVSS 9.3
CVE-2006-0884 [CRITICAL] security flaw
security flaw
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Debian
CVE-2006-0884: firefox - The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 a...
vendor_debian·2006·CVSS 9.3
CVE-2006-0884 [CRITICAL] CVE-2006-0884: firefox - The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 a...
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)
No detection rules found.
Bugzilla
CVE-2006-0884 security flaw
bugzilla·2018-08-16·CVSS 9.3
CVE-2006-0884 [CRITICAL] CVE-2006-0884 security flaw
CVE-2006-0884 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Bugzilla
CVE-2006-0884 JavaScript execution in mail when forwarding in-line
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0884 [CRITICAL] CVE-2006-0884 JavaScript execution in mail when forwarding in-line
CVE-2006-0884 JavaScript execution in mail when forwarding in-line
JavaScript execution in mail when forwarding in-line
Georgi Guninski reports that forwarding mail in-line while using the default
HTML "rich mail" editor will execute JavaScript embedded in the e-mail
message. Forwarding mail in-line is not the default setting but it is easily
accessed through the "Forward As" menu item.
This JavaScript runs with the full privileges of the client and could be
used to install malware or send spam.
In Thunderbird 1.0.7 and below and Mozilla Suite 1.7.12 and below JavaScript
is also executed when you reply to a mail, though limited to the sandbox of
the message. This script could spy on or alter the message you are
composing.
Workaround
Switch to "plain text" mail composition, this vuln
Bugzilla
CVE-2006-0884 JavaScript execution in mail when forwarding in-line
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0884 [CRITICAL] CVE-2006-0884 JavaScript execution in mail when forwarding in-line
CVE-2006-0884 JavaScript execution in mail when forwarding in-line
JavaScript execution in mail when forwarding in-line
Georgi Guninski reports that forwarding mail in-line while using the default
HTML "rich mail" editor will execute JavaScript embedded in the e-mail
message. Forwarding mail in-line is not the default setting but it is easily
accessed through the "Forward As" menu item.
This JavaScript runs with the full privileges of the client and could be
used to install malware or send spam.
In Thunderbird 1.0.7 and below and Mozilla Suite 1.7.12 and below JavaScript
is also executed when you reply to a mail, though limited to the sandbox of
the message. This script could spy on or alter the message you are
composing.
Workaround
Switch to "plain text" mail composition, this vuln
Bugzilla
CVE-2006-0884 JavaScript execution in mail when forwarding in-line
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0884 [CRITICAL] CVE-2006-0884 JavaScript execution in mail when forwarding in-line
CVE-2006-0884 JavaScript execution in mail when forwarding in-line
JavaScript execution in mail when forwarding in-line
Georgi Guninski reports that forwarding mail in-line while using the default
HTML "rich mail" editor will execute JavaScript embedded in the e-mail
message. Forwarding mail in-line is not the default setting but it is easily
accessed through the "Forward As" menu item.
This JavaScript runs with the full privileges of the client and could be
used to install malware or send spam.
In Thunderbird 1.0.7 and below and Mozilla Suite 1.7.12 and below JavaScript
is also executed when you reply to a mail, though limited to the sandbox of
the message. This script could spy on or alter the message you are
composing.
Workaround
Switch to "plain text" mail composition, this vuln
Bugzilla
CVE-2006-0884 JavaScript execution in mail when forwarding in-line
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0884 [CRITICAL] CVE-2006-0884 JavaScript execution in mail when forwarding in-line
CVE-2006-0884 JavaScript execution in mail when forwarding in-line
JavaScript execution in mail when forwarding in-line
Georgi Guninski reports that forwarding mail in-line while using the default
HTML "rich mail" editor will execute JavaScript embedded in the e-mail
message. Forwarding mail in-line is not the default setting but it is easily
accessed through the "Forward As" menu item.
This JavaScript runs with the full privileges of the client and could be
used to install malware or send spam.
In Thunderbird 1.0.7 and below and Mozilla Suite 1.7.12 and below JavaScript
is also executed when you reply to a mail, though limited to the sandbox of
the message. This script could spy on or alter the message you are
composing.
Workaround
Switch to "plain text" mail composition, this vuln
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.aschttp://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlhttp://secunia.com/advisories/19721http://secunia.com/advisories/19811http://secunia.com/advisories/19821http://secunia.com/advisories/19823http://secunia.com/advisories/19863http://secunia.com/advisories/19902http://secunia.com/advisories/19941http://secunia.com/advisories/19950http://secunia.com/advisories/20051http://secunia.com/advisories/21033http://secunia.com/advisories/21622http://secunia.com/advisories/22065http://securitytracker.com/id?1015665http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1http://support.avaya.com/elmodocs2/security/ASA-2006-205.htmhttp://www.debian.org/security/2006/dsa-1046http://www.debian.org/security/2006/dsa-1051http://www.gentoo.org/security/en/glsa/glsa-200604-18.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200605-09.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:052http://www.mandriva.com/security/advisories?name=MDKSA-2006:076http://www.mandriva.com/security/advisories?name=MDKSA-2006:078http://www.mozilla.org/security/announce/2006/mfsa2006-21.htmlhttp://www.novell.com/linux/security/advisories/2006_04_25.htmlhttp://www.osvdb.org/23653http://www.redhat.com/support/errata/RHSA-2006-0329.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0330.htmlhttp://www.securityfocus.com/archive/1/425786/100/0/threadedhttp://www.securityfocus.com/archive/1/436296/100/0/threadedhttp://www.securityfocus.com/archive/1/438730/100/0/threadedhttp://www.securityfocus.com/archive/1/446657/100/200/threadedhttp://www.securityfocus.com/bid/16770http://www.vupen.com/english/advisories/2006/3749https://exchange.xforce.ibmcloud.com/vulnerabilities/25983https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10782https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2024https://usn.ubuntu.com/276-1/ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.aschttp://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlhttp://secunia.com/advisories/19721http://secunia.com/advisories/19811http://secunia.com/advisories/19821http://secunia.com/advisories/19823http://secunia.com/advisories/19863http://secunia.com/advisories/19902http://secunia.com/advisories/19941http://secunia.com/advisories/19950http://secunia.com/advisories/20051http://secunia.com/advisories/21033http://secunia.com/advisories/21622http://secunia.com/advisories/22065http://securitytracker.com/id?1015665http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1http://support.avaya.com/elmodocs2/security/ASA-2006-205.htmhttp://www.debian.org/security/2006/dsa-1046http://www.debian.org/security/2006/dsa-1051http://www.gentoo.org/security/en/glsa/glsa-200604-18.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200605-09.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:052http://www.mandriva.com/security/advisories?name=MDKSA-2006:076http://www.mandriva.com/security/advisories?name=MDKSA-2006:078http://www.mozilla.org/security/announce/2006/mfsa2006-21.htmlhttp://www.novell.com/linux/security/advisories/2006_04_25.htmlhttp://www.osvdb.org/23653http://www.redhat.com/support/errata/RHSA-2006-0329.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0330.htmlhttp://www.securityfocus.com/archive/1/425786/100/0/threadedhttp://www.securityfocus.com/archive/1/436296/100/0/threadedhttp://www.securityfocus.com/archive/1/438730/100/0/threadedhttp://www.securityfocus.com/archive/1/446657/100/200/threadedhttp://www.securityfocus.com/bid/16770http://www.vupen.com/english/advisories/2006/3749https://exchange.xforce.ibmcloud.com/vulnerabilities/25983https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10782https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2024https://usn.ubuntu.com/276-1/
2006-02-24
Published