CVE-2006-0884
Published: 24 February 2006
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Released
(2.0.0.6+0dfsg-0ubuntu0.6.10)
|
|
feisty |
Released
(2.0.0.6+1-0ubuntu1)
|
|
upstream |
Needs triage
|
|
firefox-granparadiso Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
lightning-sunbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
midbrowser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13-0ubuntu0.6.06)
|
edgy |
Released
(1.5.0.13-0ubuntu0.6.10)
|
|
feisty |
Released
(1.5.0.13-0ubuntu0.7.04)
|
|
upstream |
Needs triage
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Released
(1.8.0.5-4.2)
|
|
feisty |
Released
(1.8.0.5-4.2)
|
|
upstream |
Needs triage
|