Vulnerability-Lookup

CVE-2006-4570 (GCVE-0-2006-4570)

Vulnerability from cvelistv5 – Published: 2006-09-15 23:00 – Updated: 2024-08-07 19:14

Summary

Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/22391	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/22055	third-party-advisoryx_refsource_SECUNIA
	http://www.mozilla.org/security/announce/2006/mfs…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-361-1	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/usn-352-1	vendor-advisoryx_refsource_UBUNTU
	http://securitytracker.com/id?1016867	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/22056	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22247	third-party-advisoryx_refsource_SECUNIA
	http://www.us.debian.org/security/2006/dsa-1191	vendor-advisoryx_refsource_DEBIAN
	http://security.gentoo.org/glsa/glsa-200610-04.xml	vendor-advisoryx_refsource_GENTOO
	http://securitytracker.com/id?1016866	vdb-entryx_refsource_SECTRACK
	ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
	http://secunia.com/advisories/21939	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21915	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2006/dsa-1192	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/22274	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21940	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/20042	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.ubuntu.com/usn/usn-350-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/22342	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200610-01.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/22074	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22088	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/22036	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22299	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/21916	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:14:47.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22391",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22391"
          },
          {
            "name": "RHSA-2006:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
          },
          {
            "name": "22055",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22055"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html"
          },
          {
            "name": "USN-361-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-361-1"
          },
          {
            "name": "USN-352-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-352-1"
          },
          {
            "name": "1016867",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016867"
          },
          {
            "name": "22056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22056"
          },
          {
            "name": "22247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22247"
          },
          {
            "name": "DSA-1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.us.debian.org/security/2006/dsa-1191"
          },
          {
            "name": "GLSA-200610-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
          },
          {
            "name": "1016866",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016866"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21939"
          },
          {
            "name": "21915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21915"
          },
          {
            "name": "oval:org.mitre.oval:def:10892",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892"
          },
          {
            "name": "RHSA-2006:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
          },
          {
            "name": "DSA-1192",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1192"
          },
          {
            "name": "22274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22274"
          },
          {
            "name": "21940",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21940"
          },
          {
            "name": "20042",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20042"
          },
          {
            "name": "thunderbird-seamonkey-xbl-code-execution(28962)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28962"
          },
          {
            "name": "USN-350-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-350-1"
          },
          {
            "name": "22342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22342"
          },
          {
            "name": "GLSA-200610-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
          },
          {
            "name": "22074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22074"
          },
          {
            "name": "22088",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22088"
          },
          {
            "name": "SUSE-SA:2006:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "22299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22299"
          },
          {
            "name": "MDKSA-2006:169",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
          },
          {
            "name": "21916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-14T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with \"Load Images\" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T04:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "22391",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22391"
        },
        {
          "name": "RHSA-2006:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
        },
        {
          "name": "22055",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22055"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html"
        },
        {
          "name": "USN-361-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-361-1"
        },
        {
          "name": "USN-352-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-352-1"
        },
        {
          "name": "1016867",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016867"
        },
        {
          "name": "22056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22056"
        },
        {
          "name": "22247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22247"
        },
        {
          "name": "DSA-1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.us.debian.org/security/2006/dsa-1191"
        },
        {
          "name": "GLSA-200610-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
        },
        {
          "name": "1016866",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016866"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21939"
        },
        {
          "name": "21915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21915"
        },
        {
          "name": "oval:org.mitre.oval:def:10892",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892"
        },
        {
          "name": "RHSA-2006:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
        },
        {
          "name": "DSA-1192",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1192"
        },
        {
          "name": "22274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22274"
        },
        {
          "name": "21940",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21940"
        },
        {
          "name": "20042",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20042"
        },
        {
          "name": "thunderbird-seamonkey-xbl-code-execution(28962)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28962"
        },
        {
          "name": "USN-350-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-350-1"
        },
        {
          "name": "22342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22342"
        },
        {
          "name": "GLSA-200610-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
        },
        {
          "name": "22074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22074"
        },
        {
          "name": "22088",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22088"
        },
        {
          "name": "SUSE-SA:2006:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "22299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22299"
        },
        {
          "name": "MDKSA-2006:169",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
        },
        {
          "name": "21916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21916"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-4570",
    "datePublished": "2006-09-15T23:00:00.000Z",
    "dateReserved": "2006-09-06T04:00:00.000Z",
    "dateUpdated": "2024-08-07T19:14:47.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2006-AVI-391

Vulnerability from certfr_avis - Published: 2006-09-15 - Updated: 2006-09-28

Plusieurs vulnérabilités ont été identifies dans les produits Mozilla Firefox, Thunderbird et SeaMonkey. L'exploitation de ceux-ci contre un système vulnérable peuvent conduire à une exécution de code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été identifiées dans les produits Mozilla Firefox, Thunderbird et SeaMonkey. Parmi celles-ci :

la manipulation de certains codes Javascript par le navigateur Firefox pourrait provoquer un débordement de la mémoire, et ainsi permettre l'exécution de commandes arbitraires. L'utilisateur doit visiter une page construite de manière malveillante pour être impacté. Cependant, la messagerie Thunderbird utilise en grande partie le noyau du navigateur Firefox pour l'affichage de messages en format HTML, quand cela est autorisé. L'utilisateur pourrait donc avoir son système compromis suite à la lecture d'un courrier électronique. Cette option n'est pas activée par défaut.
la désactivation de Javascript dans la messagerie Thunderbird ne serait pas correctement effectuée, et pourrait être contournée afin de permettre l'exécution de code Javascript à l'insu de l'utilisateur.
une mauvaise vérification des signatures RSA PKCS #1 v1.5 utilisant un exposant de valeur 3. Cette vulnérabilité est à mettre en relation avec l'avis du CERTA CERTA-200-AVI-384 concernant OpenSSL.
la procédure de mise à jour de Firefox et Thunderbird, basée sur SSL ne s'effecturait pas correctement. Il serait possible, en usurpant les réponses DNS adressées à la victime, de rediriger ses requêtes de mises à jour vers un site malveillant. Le certificat ne serait alors pas convenablement vérifié.

Solution

Se référer au bulletin de sécurité de Mozilla pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	N/A	Mozilla SeaMonkey 1.0.4 ainsi que les versions antérieures.
Mozilla	Thunderbird	Mozilla Thunderbird 1.5.0.5 ainsi que les versions antérieures ;
Mozilla	Firefox	Mozilla Firefox 1.5.0.6 ainsi que les versions antérieures ;

References

Title

Publication Time

GSD-2006-4570

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-4570

Aliases

CVE-2006-4570

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4570",
    "description": "Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with \"Load Images\" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.",
    "id": "GSD-2006-4570",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-4570.html",
      "https://www.debian.org/security/2006/dsa-1192",
      "https://www.debian.org/security/2006/dsa-1191",
      "https://access.redhat.com/errata/RHSA-2006:0677",
      "https://access.redhat.com/errata/RHSA-2006:0676",
      "https://linux.oracle.com/cve/CVE-2006-4570.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4570"
      ],
      "details": "Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with \"Load Images\" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.",
      "id": "GSD-2006-4570",
      "modified": "2023-12-13T01:19:52.169870Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2006-4570",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with \"Load Images\" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/22055",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22055"
          },
          {
            "name": "http://secunia.com/advisories/22342",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22342"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-350-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-350-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-361-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-361-1"
          },
          {
            "name": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc",
            "refsource": "MISC",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "http://secunia.com/advisories/21915",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21915"
          },
          {
            "name": "http://secunia.com/advisories/21916",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21916"
          },
          {
            "name": "http://secunia.com/advisories/21939",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21939"
          },
          {
            "name": "http://secunia.com/advisories/21940",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21940"
          },
          {
            "name": "http://secunia.com/advisories/22036",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "http://secunia.com/advisories/22056",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22056"
          },
          {
            "name": "http://secunia.com/advisories/22074",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22074"
          },
          {
            "name": "http://secunia.com/advisories/22088",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22088"
          },
          {
            "name": "http://secunia.com/advisories/22247",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22247"
          },
          {
            "name": "http://secunia.com/advisories/22274",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22274"
          },
          {
            "name": "http://secunia.com/advisories/22299",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22299"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200610-01.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
          },
          {
            "name": "http://www.debian.org/security/2006/dsa-1192",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2006/dsa-1192"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
          },
          {
            "name": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html",
            "refsource": "MISC",
            "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0676.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0677.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-352-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-352-1"
          },
          {
            "name": "http://www.us.debian.org/security/2006/dsa-1191",
            "refsource": "MISC",
            "url": "http://www.us.debian.org/security/2006/dsa-1191"
          },
          {
            "name": "http://www.securityfocus.com/bid/20042",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/20042"
          },
          {
            "name": "http://secunia.com/advisories/22391",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22391"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200610-04.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
          },
          {
            "name": "http://securitytracker.com/id?1016866",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1016866"
          },
          {
            "name": "http://securitytracker.com/id?1016867",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1016867"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html",
            "refsource": "MISC",
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28962",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28962"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.0.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-4570"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with \"Load Images\" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html"
            },
            {
              "name": "RHSA-2006:0676",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
            },
            {
              "name": "RHSA-2006:0677",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
            },
            {
              "name": "20042",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/20042"
            },
            {
              "name": "1016866",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016866"
            },
            {
              "name": "1016867",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016867"
            },
            {
              "name": "21915",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21915"
            },
            {
              "name": "21916",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21916"
            },
            {
              "name": "21939",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21939"
            },
            {
              "name": "21940",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21940"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "tags": [],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "USN-350-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-350-1"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "SUSE-SA:2006:054",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
            },
            {
              "name": "USN-352-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-352-1"
            },
            {
              "name": "22055",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22055"
            },
            {
              "name": "22074",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22074"
            },
            {
              "name": "22088",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22088"
            },
            {
              "name": "DSA-1191",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.us.debian.org/security/2006/dsa-1191"
            },
            {
              "name": "GLSA-200610-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
            },
            {
              "name": "22247",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22247"
            },
            {
              "name": "22274",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22274"
            },
            {
              "name": "DSA-1192",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1192"
            },
            {
              "name": "GLSA-200610-04",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
            },
            {
              "name": "USN-361-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-361-1"
            },
            {
              "name": "22299",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22299"
            },
            {
              "name": "22342",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22342"
            },
            {
              "name": "22391",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22391"
            },
            {
              "name": "22056",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22056"
            },
            {
              "name": "MDKSA-2006:169",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
            },
            {
              "name": "thunderbird-seamonkey-xbl-code-execution(28962)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28962"
            },
            {
              "name": "oval:org.mitre.oval:def:10892",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-10-11T01:31Z",
      "publishedDate": "2006-09-15T19:07Z"
    }
  }
}

GHSA-23G7-P8VX-G5M2

Vulnerability from github – Published: 2022-05-03 03:16 – Updated: 2022-05-03 03:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4570"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-15T19:07:00Z",
    "severity": "LOW"
  },
  "details": "Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with \"Load Images\" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.",
  "id": "GHSA-23g7-p8vx-g5m2",
  "modified": "2022-05-03T03:16:31Z",
  "published": "2022-05-03T03:16:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4570"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28962"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22247"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22299"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22342"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22391"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016866"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016867"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1192"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20042"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-361-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us.debian.org/security/2006/dsa-1191"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-4570

Vulnerability from fkie_nvd - Published: 2006-09-15 19:07 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
secalert@redhat.com	http://secunia.com/advisories/21915
secalert@redhat.com	http://secunia.com/advisories/21916
secalert@redhat.com	http://secunia.com/advisories/21939
secalert@redhat.com	http://secunia.com/advisories/21940
secalert@redhat.com	http://secunia.com/advisories/22036
secalert@redhat.com	http://secunia.com/advisories/22055
secalert@redhat.com	http://secunia.com/advisories/22056
secalert@redhat.com	http://secunia.com/advisories/22074
secalert@redhat.com	http://secunia.com/advisories/22088
secalert@redhat.com	http://secunia.com/advisories/22247
secalert@redhat.com	http://secunia.com/advisories/22274
secalert@redhat.com	http://secunia.com/advisories/22299
secalert@redhat.com	http://secunia.com/advisories/22342
secalert@redhat.com	http://secunia.com/advisories/22391
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200610-01.xml
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200610-04.xml
secalert@redhat.com	http://securitytracker.com/id?1016866
secalert@redhat.com	http://securitytracker.com/id?1016867
secalert@redhat.com	http://www.debian.org/security/2006/dsa-1192
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
secalert@redhat.com	http://www.mozilla.org/security/announce/2006/mfsa2006-63.html	Vendor Advisory
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0676.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0677.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/20042
secalert@redhat.com	http://www.ubuntu.com/usn/usn-350-1
secalert@redhat.com	http://www.ubuntu.com/usn/usn-352-1
secalert@redhat.com	http://www.ubuntu.com/usn/usn-361-1
secalert@redhat.com	http://www.us.debian.org/security/2006/dsa-1191
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/28962
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21915
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21916
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21939
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21940
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22036
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22055
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22056
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22074
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22088
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22247
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22274
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22299
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22342
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22391
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200610-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200610-04.xml
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016866
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016867
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1192
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2006/mfsa2006-63.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0676.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0677.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20042
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-350-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-352-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-361-1
af854a3a-2127-422b-91ae-364da2661108	http://www.us.debian.org/security/2006/dsa-1191
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28962
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892

Impacted products

	Vendor	Product	Version
	mozilla	seamonkey	*
	mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCE4360-4064-47F8-B4B1-12D15D31BE13",
              "versionEndIncluding": "1.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C246DC3-0BAF-4FE2-B160-EE223E8F3CD2",
              "versionEndIncluding": "1.5.0.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with \"Load Images\" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message."
    },
    {
      "lang": "es",
      "value": "Mozilla thunderbird anteriores a 1.5.0.7 y SeaMonkey anterior a 1.0.5, con la \"carga de im\u00e1genes\" (Load Images) habilitada, permite a un  atacante remoto con la complicidad del usuario evitar la configuraci\u00f3n que deshabilita el JavaScript a trav\u00e9s de un fichero remoto XBL en un mensaje que se carga cuando el usuario mira y reenv\u00eda o responde al mensaje original."
    }
  ],
  "id": "CVE-2006-4570",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-09-15T19:07:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22247"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22299"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22342"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22391"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1016866"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1016867"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2006/dsa-1192"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/20042"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-361-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.us.debian.org/security/2006/dsa-1191"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28962"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-63.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-361-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.us.debian.org/security/2006/dsa-1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-4570 (GCVE-0-2006-4570)

CERTA-2006-AVI-391

Description

Solution

GSD-2006-4570

GHSA-23G7-P8VX-G5M2

FKIE_CVE-2006-4570

Tags

Sightings

Nomenclature