CVE-2006-1045

NameCVE-2006-1045
DescriptionThe HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1046-1, DSA-1051-1
NVD severitylow (attack range: remote)
Debian/oldoldstablenot known to be vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xulrunner (PTS)wheezy (security), wheezy24.8.1esr-2~deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)1.5.dfsg+1.5.0.2-1low
mozillasourcesarge2:1.7.8-1sarge5lowDSA-1046-1
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.8low
thunderbirdsource(unstable)1.5.0.2-1low
xulrunnersource(unstable)1.8.0.1-9low

Search for package or bug name: Reporting problems