CVE-2005-0149
First published: Sat Jan 29 2005(Updated: )
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | =0.6 | |
| Thunderbird | =0.7.2 | |
| Mozilla Firefox | =1.7-alpha | |
| Mozilla Firefox | =1.7-rc1 | |
| Mozilla Firefox | =1.7 | |
| Mozilla Firefox | =1.7-beta | |
| Thunderbird | =0.9 | |
| Mozilla Firefox | =1.7.1 | |
| Thunderbird | =0.7.3 | |
| Thunderbird | =0.7 | |
| Mozilla Firefox | =1.7.2 | |
| Mozilla Firefox | =1.7-rc3 | |
| Thunderbird | =0.7.1 | |
| Mozilla Firefox | =1.7-rc2 | |
| Mozilla Firefox | =1.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/mfsa2005-11.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=268107
- http://www.redhat.com/support/errata/RHSA-2005-094.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.redhat.com/support/errata/RHSA-2005-335.html
- http://secunia.com/advisories/19823
- http://www.securityfocus.com/bid/12407
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047
Frequently Asked Questions
What is the severity of CVE-2005-0149?
The severity of CVE-2005-0149 is classified as moderate due to its potential to expose user privacy and security.
How do I fix CVE-2005-0149?
To fix CVE-2005-0149, users should upgrade to a version of Thunderbird or Mozilla that is higher than 0.9 or 1.7.3 respectively.
Which software versions are affected by CVE-2005-0149?
CVE-2005-0149 affects Thunderbird versions 0.6 to 0.9 and Mozilla versions 1.7 to 1.7.3.
What is the impact of CVE-2005-0149?
The impact of CVE-2005-0149 allows remote attackers to use cookies in email messages, potentially bypassing user privacy settings.
Is there a workaround for CVE-2005-0149?
A workaround for CVE-2005-0149 is not widely documented, hence upgrading to the latest versions is the recommended solution.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/thunderbird
- version/thunderbird/0.6
- version/thunderbird/0.7.2
- canonical/mozilla firefox
- version/mozilla firefox/1.7-alpha
- version/mozilla firefox/1.7-rc1
- version/mozilla firefox/1.7
- version/mozilla firefox/1.7-beta
- version/thunderbird/0.9
- version/mozilla firefox/1.7.1
- version/thunderbird/0.7.3
- version/thunderbird/0.7
- version/mozilla firefox/1.7.2
- version/mozilla firefox/1.7-rc3
- version/thunderbird/0.7.1
- version/mozilla firefox/1.7-rc2
- version/mozilla firefox/1.7.3