Vulnerability Details CVE-2005-0149
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/19823
- http://www.mozilla.org/security/announce/mfsa2005-11.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-094.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.redhat.com/support/errata/RHSA-2005-335.html
- http://www.securityfocus.com/bid/12407
- https://bugzilla.mozilla.org/show_bug.cgi?id=268107
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407
- http://secunia.com/advisories/19823
- http://www.mozilla.org/security/announce/mfsa2005-11.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-094.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.redhat.com/support/errata/RHSA-2005-335.html
- http://www.securityfocus.com/bid/12407
- https://bugzilla.mozilla.org/show_bug.cgi?id=268107
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407
Products affected by CVE-2005-0149
-
cpe:2.3:a:mozilla:mozilla:1.7
-
cpe:2.3:a:mozilla:mozilla:1.7.1
-
cpe:2.3:a:mozilla:mozilla:1.7.2
-
cpe:2.3:a:mozilla:mozilla:1.7.3
-
cpe:2.3:a:mozilla:thunderbird:0.6
-
cpe:2.3:a:mozilla:thunderbird:0.7
-
cpe:2.3:a:mozilla:thunderbird:0.7.1
-
cpe:2.3:a:mozilla:thunderbird:0.7.2
-
cpe:2.3:a:mozilla:thunderbird:0.7.3
-
cpe:2.3:a:mozilla:thunderbird:0.9