CVE-2006-0884

Description

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

How to fix CVE-2006-0884

To remediate CVE-2006-0884, upgrade the affected package to a fixed version below.

• Debian/thunderbird—upgrade to 1.5.0.2-1 or later

Is CVE-2006-0884 being exploited?

Moderate — EPSS is 36.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.5.0.2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-0884