CVE-2005-0149

Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.

Published: Feb 15, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0149
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / thunderbird	0.6	0.6.x
mozilla / thunderbird	0.7.2	0.7.2.x
mozilla / mozilla	1.7-alpha	1.7-alpha.x
mozilla / mozilla	1.7-rc1	1.7-rc1.x
mozilla / mozilla	1.7	1.7.x
mozilla / mozilla	1.7-beta	1.7-beta.x
mozilla / thunderbird	0.9	0.9.x
mozilla / mozilla	1.7.1	1.7.1.x
mozilla / thunderbird	0.7.3	0.7.3.x
mozilla / thunderbird	0.7	0.7.x
mozilla / mozilla	1.7.2	1.7.2.x
mozilla / mozilla	1.7-rc3	1.7-rc3.x
mozilla / thunderbird	0.7.1	0.7.1.x
mozilla / mozilla	1.7-rc2	1.7-rc2.x
mozilla / mozilla	1.7.3	1.7.3.x

http://secunia.com/advisories/19823
http://www.mozilla.org/security/announce/mfsa2005-11.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/support/errata/RHSA-2005-094.html
http://www.redhat.com/support/errata/RHSA-2005-323.html
http://www.redhat.com/support/errata/RHSA-2005-335.html
http://www.securityfocus.com/bid/12407
https://bugzilla.mozilla.org/show_bug.cgi?id=268107
https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407

Vulnerability Database

289,599

CVE-2005-0149