Launchpad.net

CVE 2006-0884

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

Related bugs and status

CVE-2006-0884 (Candidate) is related to these bugs:

Bug #41120: Update to 1.0.8 for Warty-Breezy

		In	Importance	Status
41120	Update to 1.0.8 for Warty-Breezy	mozilla-thunderbird (Ubuntu)	High	Invalid
41120	Update to 1.0.8 for Warty-Breezy	mozilla-thunderbird (Ubuntu Hoary)	Wishlist	Fix Released
41120	Update to 1.0.8 for Warty-Breezy	mozilla-thunderbird (Ubuntu Warty)	Wishlist	Invalid
41120	Update to 1.0.8 for Warty-Breezy	mozilla-thunderbird (Ubuntu Breezy)	Medium	Fix Released
41120	Update to 1.0.8 for Warty-Breezy	Juniper Openstack	Medium	In Progress
41120	Update to 1.0.8 for Warty-Breezy	Juniper Openstack trunk	Medium	In Progress

See the

CVE page on Mitre.org for more details.

References

BID: 16770
SECTRACK: 1015665
SECUNIA: 19821
DEBIAN: DSA-1046
GENTOO: GLSA-200604-18
SGI: 20060404-01-U
SUSE: SUSE-SA:2006:022
SECUNIA: 19811
SECUNIA: 19823
SECUNIA: 19863
SECUNIA: 19902
DEBIAN: DSA-1051
SECUNIA: 19950
SECUNIA: 19941
GENTOO: GLSA-200605-09
SUSE: SUSE-SA:2006:021
SECUNIA: 19721
REDHAT: RHSA-2006:0329
REDHAT: RHSA-2006:0330
CONFIRM: http://www.mozilla.org...
SCO: SCOSA-2006.26
SECUNIA: 21033
OSVDB: 23653
SUNALERT: 102550
SECUNIA: 21622
CONFIRM: http://support.avaya.c...
SECUNIA: 20051
SECUNIA: 22065
MANDRIVA: MDKSA-2006:052
MANDRIVA: MDKSA-2006:076
MANDRIVA: MDKSA-2006:078
SUNALERT: 228526
VUPEN: ADV-2006-3749
XF: mozilla-inline-fwd-cod...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-276-1
BUGTRAQ: 20060222 Mozilla Thund...
FEDORA: FLSA:189137-1
HP: HPSBUX02122
HP: SSRT061158
HP: HPSBUX02156
HP: SSRT061236