Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the users intended privacy and security policy by using cookies in e-mail messages.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mozilla | Mozilla | 1.7 (including) | 1.7 (including) |
| Mozilla | Mozilla | 1.7-alpha (including) | 1.7-alpha (including) |
| Mozilla | Mozilla | 1.7-beta (including) | 1.7-beta (including) |
| Mozilla | Mozilla | 1.7-rc1 (including) | 1.7-rc1 (including) |
| Mozilla | Mozilla | 1.7-rc2 (including) | 1.7-rc2 (including) |
| Mozilla | Mozilla | 1.7-rc3 (including) | 1.7-rc3 (including) |
| Mozilla | Mozilla | 1.7.1 (including) | 1.7.1 (including) |
| Mozilla | Mozilla | 1.7.2 (including) | 1.7.2 (including) |
| Mozilla | Mozilla | 1.7.3 (including) | 1.7.3 (including) |
| Thunderbird | Mozilla | 0.6 (including) | 0.6 (including) |
| Thunderbird | Mozilla | 0.7 (including) | 0.7 (including) |
| Thunderbird | Mozilla | 0.7.1 (including) | 0.7.1 (including) |
| Thunderbird | Mozilla | 0.7.2 (including) | 0.7.2 (including) |
| Thunderbird | Mozilla | 0.7.3 (including) | 0.7.3 (including) |
| Thunderbird | Mozilla | 0.9 (including) | 0.9 (including) |
| Red Hat Enterprise Linux 4 | RedHat | thunderbird-0:1.0-1.1.EL4 | * |
| Red Hat Enterprise Linux 4 | RedHat | devhelp-0:0.9.2-2.4.3 | * |
| Red Hat Enterprise Linux 4 | RedHat | evolution-0:2.0.2-14 | * |
| Mozilla | Ubuntu | edgy | * |
References
- http://secunia.com/advisories/19823
- http://www.mozilla.org/security/announce/mfsa2005-11.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-094.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.redhat.com/support/errata/RHSA-2005-335.html
- http://www.securityfocus.com/bid/12407
- https://bugzilla.mozilla.org/show_bug.cgi?id=268107
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407
- http://secunia.com/advisories/19823
- http://www.mozilla.org/security/announce/mfsa2005-11.html
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://www.redhat.com/support/errata/RHSA-2005-094.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.redhat.com/support/errata/RHSA-2005-335.html
- http://www.securityfocus.com/bid/12407
- https://bugzilla.mozilla.org/show_bug.cgi?id=268107
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407