FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

thunderbird -- javascript execution

Affected packages
mozilla-thunderbird <= 1.0.7
thunderbird <= 1.0.7

Details

VuXML ID 61349f77-c620-11da-b2fb-000e0c2e438a
Discovery 2006-02-22
Entry 2006-04-07

Renaud Lifchitz reports a vulnerability within thunderbird. The vulnerability is caused by improper checking of javascript scripts. This could lead to javascript code execution which can lead to information disclosure or a denial of service (application crash). This vulnerability is present even if javascript had been disabled in the preferences.

References

Bugtraq ID 16770
CVE Name CAN-2006-0884