CVE-2005-0149

Published: Feb 15, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.

Affected (15)

Products: Mozilla: Mozilla, Thunderbird

2 products

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Mozilla Mozilla	Version 1.7.1
Mozilla Mozilla	Version 1.7.2
Mozilla Mozilla	Version 1.7.3
Mozilla Mozilla	Version 1.7
Mozilla Mozilla	Version 1.7 alpha
Mozilla Mozilla	Version 1.7 beta
Mozilla Mozilla	Version 1.7 rc1
Mozilla Mozilla	Version 1.7 rc2
Mozilla Mozilla	Version 1.7 rc3
Mozilla Thunderbird	Version 0.6
Mozilla Thunderbird	Version 0.7.1
Mozilla Thunderbird	Version 0.7.2
Mozilla Thunderbird	Version 0.7.3
Mozilla Thunderbird	Version 0.7
Mozilla Thunderbird	Version 0.9

References (22)

http://secunia.com/advisories/19823

Source: cve@mitre.org

http://www.mozilla.org/security/announce/mfsa2005-11.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2006_04_25.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2005-094.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-323.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-335.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/12407

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=268107

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/19172

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407

Source: cve@mitre.org

http://secunia.com/advisories/19823

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/mfsa2005-11.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2006_04_25.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2005-094.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-323.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2005-335.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/12407

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=268107

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/19172

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.