New Search

Mozilla Thunderbird Subject to IE Vulnerabilities via javascript

oval:org.mitre.oval:def:100048

Thunderbird before 0.9 when running on Windows systems uses the default handler when processing javascript: links which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice and the vulnerabilities inherent in multi-product interactions are not easily enumerable this issue might be REJECTED in the future.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows NT
Class:
vulnerability
Reference(s):
  • CVE-2005-0148
Product(s):
  • Mozilla Thunderbird