Unrated severity · NVD Advisory · Published Feb 24, 2006 · Updated Apr 16, 2026
CVE-2006-0884
Description
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Affected products
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (range: <=1.0.7)
- cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.debian.org/security/2006/dsa-1046 (nvd; Patch)
- www.debian.org/security/2006/dsa-1051 (nvd; Patch)
- securitytracker.com/id (nvd; Exploit)
- www.securityfocus.com/bid/16770 (nvd; Exploit, Patch)
- secunia.com/advisories/19721 (nvd; Vendor Advisory)
- secunia.com/advisories/19811 (nvd; Vendor Advisory)
- secunia.com/advisories/19821 (nvd; Vendor Advisory)
- secunia.com/advisories/19823 (nvd; Vendor Advisory)
- secunia.com/advisories/19863 (nvd; Vendor Advisory)
- secunia.com/advisories/19902 (nvd; Vendor Advisory)
- secunia.com/advisories/19941 (nvd; Vendor Advisory)
- secunia.com/advisories/19950 (nvd; Vendor Advisory)
- secunia.com/advisories/20051 (nvd; Vendor Advisory)
- secunia.com/advisories/21033 (nvd; Vendor Advisory)
- secunia.com/advisories/21622 (nvd; Vendor Advisory)
- secunia.com/advisories/22065 (nvd; Vendor Advisory)
- www.mozilla.org/security/announce/2006/mfsa2006-21.html (nvd; Vendor Advisory)
- www.vupen.com/english/advisories/2006/3749 (nvd; Vendor Advisory)
- ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt (nvd)
- patches.sgi.com/support/free/security/advisories/20060404-01-U.asc (nvd)
- lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- support.avaya.com/elmodocs2/security/ASA-2006-205.htm (nvd)
- www.gentoo.org/security/en/glsa/glsa-200604-18.xml (nvd)
- www.gentoo.org/security/en/glsa/glsa-200605-09.xml (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.novell.com/linux/security/advisories/2006_04_25.html (nvd)
- www.osvdb.org/23653 (nvd)
- www.redhat.com/support/errata/RHSA-2006-0329.html (nvd)
- www.redhat.com/support/errata/RHSA-2006-0330.html (nvd)
- www.securityfocus.com/archive/1/425786/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/436296/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/438730/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/446657/100/200/threaded (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/25983 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10782 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2024 (nvd)
- usn.ubuntu.com/276-1/ (nvd)