CVE-2005-0149

Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.mozilla.org/security/announce/mfsa2005-11.html	Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=268107	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-094.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-323.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-335.html	Patch Vendor Advisory
http://secunia.com/advisories/19823
http://www.securityfocus.com/bid/12407
http://www.novell.com/linux/security/advisories/2006_04_25.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:mozilla:1.7:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc3::::::
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.7:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.7:rc1::::::
	cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.9:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7:::::::*

Information

Published : 2005-02-14 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2005-0149

Mitre link : CVE-2005-0149

JSON object : View

CWE

NVD-CWE-Other

Products Affected

mozilla

mozilla
thunderbird

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/mfsa2005-11.html", "name": "http://www.mozilla.org/security/announce/mfsa2005-11.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-094.html", "name": "RHSA-2005:094", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-323.html", "name": "RHSA-2005:323", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-335.html", "name": "RHSA-2005:335", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/19823", "name": "19823", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/12407", "name": "12407", "tags": [], "refsource": "BID"}, {"url": "http://www.novell.com/linux/security/advisories/2006_04_25.html", "name": "SUSE-SA:2006:004", "tags": [], "refsource": "SUSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172", "name": "mozilla-cookie-policy-bypass(19172)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407", "name": "oval:org.mitre.oval:def:11407", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047", "name": "oval:org.mitre.oval:def:100047", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0149", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-02-15T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}

5.0 /10