CVE-2005-0149 : Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the netw

Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.

Published 2005-02-15 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-0149

Mozilla » Mozilla » Version: 1.7
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7.1
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7.2
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update RC3
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update Beta
cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update RC1
cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update Alpha
cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7 Update RC2
cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla » Version: 1.7.3
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.7.2
cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.7.3
cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.7
cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.7.1
cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.6
cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 0.9
cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-0149

EPSS FAQ

1.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-0149

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2005-0149

https://exchange.xforce.ibmcloud.com/vulnerabilities/19172
http://www.mozilla.org/security/announce/mfsa2005-11.html

Patch;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407
http://www.novell.com/linux/security/advisories/2006_04_25.html

404 Page Not Found | SUSE

CVEs referencing this url
http://secunia.com/advisories/19823

About Secunia Research | Flexera

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2005-335.html

Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/12407

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=268107

Patch;Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-323.html

Patch;Vendor Advisory

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2005-094.html

Patch;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047

Jump to

Vulnerability Details : CVE-2005-0149

Products affected by CVE-2005-0149

Exploit prediction scoring system (EPSS) score for CVE-2005-0149

CVSS scores for CVE-2005-0149

References for CVE-2005-0149