Vulnerabilities > CVE-2005-0148 - Unspecified vulnerability in Mozilla Thunderbird 0.6/0.7/0.8

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
mozilla

Summary

Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.

Vulnerable Configurations

Part Description Count
Application
Mozilla
3

Oval

accepted2007-05-09T16:10:46.883-04:00
classvulnerability
contributors
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameMatthew Wojcik
    organizationThe MITRE Corporation
  • nameJonathan Baker
    organizationThe MITRE Corporation
  • nameJonathan Baker
    organizationThe MITRE Corporation
  • nameJonathan Baker
    organizationThe MITRE Corporation
descriptionThunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.
familywindows
idoval:org.mitre.oval:def:100048
statusaccepted
submitted2005-08-16T12:00:00.000-04:00
titleMozilla Thunderbird Subject to IE Vulnerabilities via javascript
version6