Vulnerabilities > CVE-2005-0148 - Unspecified vulnerability in Mozilla Thunderbird 0.6/0.7/0.8
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Oval
accepted | 2007-05-09T16:10:46.883-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
description | Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future. | ||||||||||||||||||||
family | windows | ||||||||||||||||||||
id | oval:org.mitre.oval:def:100048 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2005-08-16T12:00:00.000-04:00 | ||||||||||||||||||||
title | Mozilla Thunderbird Subject to IE Vulnerabilities via javascript | ||||||||||||||||||||
version | 6 |
References
- http://www.mozilla.org/security/announce/mfsa2005-10.html
- http://www.securityfocus.com/bid/12407
- https://bugzilla.mozilla.org/show_bug.cgi?id=263546
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19173
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100048