Unrated severityNVD Advisory· Published Jan 18, 2006· Updated Apr 16, 2026
CVE-2006-0236
CVE-2006-0236
Description
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
Affected products
7cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- secunia.com/advisories/15907nvdPatchVendor Advisory
- secunia.com/secunia_research/2005-22/advisorynvdPatchVendor Advisory
- www.securityfocus.com/bid/16271nvdPatch
- www.vupen.com/english/advisories/2006/0230nvdVendor Advisory
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/archive/1/422148/100/0/threadednvd
- bugzilla.mozilla.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24164nvd
News mentions
0No linked articles in our index yet.