First published: Fri Feb 24 2006(Updated: )
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | =0.6 | |
Mozilla Thunderbird | =0.7.2 | |
Mozilla Thunderbird | =0.3 | |
Mozilla Thunderbird | =0.2 | |
Mozilla Thunderbird | =1.0 | |
Mozilla Thunderbird | =1.0.1 | |
Mozilla Thunderbird | =1.0.2 | |
Mozilla Thunderbird | =0.5 | |
Mozilla Thunderbird | =0.9 | |
Mozilla Thunderbird | =0.7.3 | |
Mozilla Thunderbird | =0.4 | |
Mozilla Thunderbird | =0.7 | |
Mozilla Thunderbird | =1.0.6 | |
Mozilla Thunderbird | =0.1 | |
Mozilla Thunderbird | =0.7.1 | |
Mozilla Thunderbird | <=1.0.7 | |
Mozilla Thunderbird | =1.0.5 | |
Mozilla Thunderbird | =0.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.