CVE-2006-0294 Affecting thunderbird package, versions <1.5.0.2-1
Threat Intelligence
EPSS
87.92% (99th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN12-THUNDERBIRD-1560575
- published 2 Feb 2006
- disclosed 2 Feb 2006
Introduced: 2 Feb 2006
CVE-2006-0294 Open this link in a new tabHow to fix?
Upgrade Debian:12 thunderbird to version 1.5.0.2-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream thunderbird package and not the thunderbird package as distributed by Debian.
See How to fix? for Debian:12 relevant fixed versions and status.
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.
References
- https://security-tracker.debian.org/tracker/CVE-2006-0294
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- http://www.mozilla.org/security/announce/2006/mfsa2006-02.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1514
- https://bugzilla.mozilla.org/show_bug.cgi?id=317934
- http://securitytracker.com/id?1015570
- http://secunia.com/advisories/18700
- http://secunia.com/advisories/18704
- http://secunia.com/advisories/22065
- http://www.securityfocus.com/bid/16476
- http://www.vupen.com/english/advisories/2006/0413
- http://www.vupen.com/english/advisories/2006/3749
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24431
CVSS Scores
version 3.1