CVE-2006-1045 Information

Description

The HTML rendering engine in Mozilla Thunderbird 1.5 when \Block loading of remote images in mail messages\ is enabled does not properly block external images from inline HTML attachments which could allow remote attackers to obtain sensitive information such as application version or IP address when the user reads the email and the external image is accessed.

Reference

http://secunia.com/advisories/19821 http://secunia.com/advisories/19823 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http://secunia.com/advisories/19941 http://secunia.com/advisories/19950 http://secunia.com/advisories/20051 http://secunia.com/advisories/22065 http://securityreason.com/securityalert/514 http://www.debian.org/security/2006/dsa-1046 http://www.debian.org/security/2006/dsa-1051 http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 http://www.mozilla.org/security/announce/2006/mfsa2006-26.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2006-0330.html http://www.securityfocus.com/archive/1/426347 http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16881 http://www.securityfocus.com/bid/17516 http://www.vupen.com/english/advisories/2006/1356 http://www.vupen.com/english/advisories/2006/3749 https://exchange.xforce.ibmcloud.com/vulnerabilities/24959 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10254 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1975 https://usn.ubuntu.com/276-1/