Signature Detail
Short Name |
SMTP:MAL:TBIRD-JAVASCRIPT |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
SMTP |
Keywords |
Mozilla Thunderbird IFRAME JavaScript Remote JavaScript Execution |
Release Date |
2006/05/16 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: Mozilla Thunderbird IFRAME JavaScript Remote JavaScript Execution
This signature detects the transmission of an e-mail crafted to bypass JavaScript security restrictions in Mozilla Thunderbird. This e-mail can lead to arbitrary code execution or crash the client.
Extended Description
Multiple Mozilla products are prone to a script-execution vulnerability. The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing malicious script code in an IFRAME and the user tries to reply to the mail. Arbitrary JavaScript can be executed even if the user has disabled JavaScript execution in the client. The following mozilla products are vulnerable to this issue: - Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8 - Mozilla SeaMonkey, versions prior to 1.0.1 - Mozilla Suite, versions prior to 1.7.13
Affected Products
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Amd64
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- Gentoo Linux
- HP HP-UX B.11.11
- HP HP-UX B.11.23
- HP HP-UX B.11.31
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Linux Mandrake 2006.0.0
- Mandriva Linux Mandrake 2006.0.0 X86 64
- Mozilla Browser 0.8.0
- Mozilla Browser 0.9.2
- Mozilla Browser 0.9.2 .1
- Mozilla Browser 0.9.3
- Mozilla Browser 0.9.35
- Mozilla Browser 0.9.4
- Mozilla Browser 0.9.4 .1
- Mozilla Browser 0.9.48
- Mozilla Browser 0.9.5
- Mozilla Browser 0.9.6
- Mozilla Browser 0.9.7
- Mozilla Browser 0.9.8
- Mozilla Browser 0.9.9
- Mozilla Browser 1.0.0
- Mozilla Browser 1.0.0 RC1
- Mozilla Browser 1.0.0 RC2
- Mozilla Browser 1.0.1
- Mozilla Browser 1.0.2
- Mozilla Browser 1.1.0
- Mozilla Browser 1.1.0 Alpha
- Mozilla Browser 1.1.0 Beta
- Mozilla Browser 1.2.0
- Mozilla Browser 1.2.0 Alpha
- Mozilla Browser 1.2.0 Beta
- Mozilla Browser 1.2.1
- Mozilla Browser 1.3.0
- Mozilla Browser 1.3.1
- Mozilla Browser 1.4.0
- Mozilla Browser 1.4.0 A
- Mozilla Browser 1.4.0 B
- Mozilla Browser 1.4.1
- Mozilla Browser 1.4.2
- Mozilla Browser 1.4.4
- Mozilla Browser 1.5.0
- Mozilla Browser 1.5.1
- Mozilla Browser 1.6.0
- Mozilla Browser 1.7.0
- Mozilla Browser 1.7.0 Alpha
- Mozilla Browser 1.7.0 Beta
- Mozilla Browser 1.7.0 Rc1
- Mozilla Browser 1.7.0 Rc2
- Mozilla Browser 1.7.0 Rc3
- Mozilla Browser 1.7.1
- Mozilla Browser 1.7.10
- Mozilla Browser 1.7.11
- Mozilla Browser 1.7.12
- Mozilla Browser 1.7.2
- Mozilla Browser 1.7.3
- Mozilla Browser 1.7.4
- Mozilla Browser 1.7.5
- Mozilla Browser 1.7.6
- Mozilla Browser 1.7.7
- Mozilla Browser 1.7.8
- Mozilla Browser 1.7.9
- Mozilla SeaMonkey 1.0
- Mozilla SeaMonkey 1.0 Dev
- Mozilla Thunderbird 0.6.0
- Mozilla Thunderbird 0.7.0
- Mozilla Thunderbird 0.7.1
- Mozilla Thunderbird 0.7.2
- Mozilla Thunderbird 0.7.3
- Mozilla Thunderbird 0.8.0
- Mozilla Thunderbird 0.9.0
- Mozilla Thunderbird 1.0.0
- Mozilla Thunderbird 1.0.1
- Mozilla Thunderbird 1.0.2
- Mozilla Thunderbird 1.0.5
- Mozilla Thunderbird 1.0.6
- Mozilla Thunderbird 1.0.7
- Mozilla Thunderbird 1.5.0
- Mozilla Thunderbird 1.5.0.1
- Mozilla Thunderbird 1.5.0 Beta 2
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora Core1
- Red Hat Fedora Core2
- Red Hat Fedora Core3
- Red Hat Linux 7.3.0
- Red Hat Linux 7.3.0 I386
- Red Hat Linux 7.3.0 I686
- Red Hat Linux 9.0.0 I386
- Sun Java Desktop System (JDS) 2.0.0
- Sun Solaris 10 X86
- Sun Solaris 8 Sparc
- Sun Solaris 8 X86
- Sun Solaris 9 Sparc
- Sun Solaris 9 X86
- SuSE Linux Desktop 1.0.0
- SuSE Linux Personal 10.0.0 OSS
- SuSE Linux Personal 9.1.0
- SuSE Linux Personal 9.1.0 X86 64
- SuSE Linux Personal 9.2.0
- SuSE Linux Personal 9.2.0 X86 64
- SuSE Linux Personal 9.3.0
- SuSE Linux Personal 9.3.0 X86 64
- SuSE Linux Professional 10.0.0
- SuSE Linux Professional 10.0.0 OSS
- SuSE Linux Professional 9.1.0
- SuSE Linux Professional 9.1.0 X86 64
- SuSE Linux Professional 9.2.0
- SuSE Linux Professional 9.2.0 X86 64
- SuSE Linux Professional 9.3.0
- SuSE Linux Professional 9.3.0 X86 64
- SuSE Novell Linux Desktop 9.0.0
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE UnitedLinux 1.0.0
- Ubuntu Ubuntu Linux 5.0.0 4 Amd64
- Ubuntu Ubuntu Linux 5.0.0 4 I386
- Ubuntu Ubuntu Linux 5.0.0 4 Powerpc
- Ubuntu Ubuntu Linux 5.10.0 Amd64
- Ubuntu Ubuntu Linux 5.10.0 I386
- Ubuntu Ubuntu Linux 5.10.0 Powerpc
References
- BugTraq: 16770
- CVE: CVE-2006-0884