Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1045 — Thunderbird vulnerability

11 documents8 sources

Severity

2.6LOWNVD

EPSS

10.4%

top 6.76%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird

Timeline

PublishedMar 7

Latest updateMay 1

Description

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages4 packages

▶Debianmozilla/thunderbird< 1.5.0.2-1+3

▶NVDmozilla/thunderbird1.5

▶debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.2-1 (sid)

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.2-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-6m5g-mwm7-wq36: The HTML rendering engine in Mozilla Thunderbird 1↗2022-05-01

▶

OSV

CVE-2006-1045: The HTML rendering engine in Mozilla Thunderbird 1↗2006-03-07

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities↗2006-02-28

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2006-05-03

▶

Red Hat

security flaw↗2006-02-28

▶

Debian

CVE-2006-1045: firefox - The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of rem...↗2006

▶

💬Community

Bugzilla

CVE-2006-1045 security flaw↗2018-08-16

▶

Bugzilla

Mozilla Thunderbird multiple vulnerabilities (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-0292, et al.)↗2006-04-22

▶

Bugzilla

CVE-2006-1045 Mail Multiple Information Disclosure↗2006-04-13

▶

Bugzilla

CVE-2006-1045 Mail Multiple Information Disclosure↗2006-04-13

▶