CVE-2006-0884
published 2006-02-24

Priority: P336
Severity: critical
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 7.07% (93.4th percentile)
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

Affected

24 ranges
Vendor | Product | Version range | Fixed in
debian | firefox | < firefox 1.5.dfsg+1.5.0.2-1 (sid) | firefox 1.5.dfsg+1.5.0.2-1 (sid)
debian | thunderbird | < firefox 1.5.dfsg+1.5.0.2-1 (sid) | firefox 1.5.dfsg+1.5.0.2-1 (sid)
mozilla | thunderbird | <= 1.0.7 |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | |
mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1
mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1
mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1
mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1

CVSS provenance

nvd: v2.0, 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C
osv: 9.3 CRITICAL
vendor_debian: 9.3 CRITICAL
vendor_redhat: 9.3 CRITICAL
vendor_ubuntu: 7.5 HIGH