CVE-2006-0884
CVE-2006-0884
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/27257não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.aschttp://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlhttp://secunia.com/advisories/19721http://secunia.com/advisories/19811http://secunia.com/advisories/19821http://secunia.com/advisories/19823http://secunia.com/advisories/19863http://secunia.com/advisories/19902http://secunia.com/advisories/19941http://secunia.com/advisories/19950http://secunia.com/advisories/20051