Launchpad.net

CVE 2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

Related bugs and status

CVE-2006-1045 (Candidate) is related to these bugs:

Bug #41096: update to thunderbird 1.5.0.2

Summary				In	Importance	Status
	41096	update to thunderbird 1.5.0.2		mozilla-thunderbird (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20060228 Mozilla Thund...
BID: 16881
CONFIRM: http://www.mozilla.org...
BID: 17516
SECUNIA: 19821
DEBIAN: DSA-1046
GENTOO: GLSA-200604-18
SUSE: SUSE-SA:2006:022
SECUNIA: 19823
SECUNIA: 19863
SECUNIA: 19902
DEBIAN: DSA-1051
SECUNIA: 19950
SECUNIA: 19941
GENTOO: GLSA-200605-09
REDHAT: RHSA-2006:0330
SECUNIA: 20051
SECUNIA: 22065
SREASON: 514
MANDRIVA: MDKSA-2006:078
VUPEN: ADV-2006-1356
VUPEN: ADV-2006-3749
XF: thunderbird-inline-inf...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-276-1
HP: HPSBUX02156
HP: SSRT061236