Potential Vulnerability: Cross-Product Exploitation via Thunderbird's Default Handler for javascript: Links

Potential Vulnerability: Cross-Product Exploitation via Thunderbird's Default Handler for javascript: Links

CVE-2005-0148 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.

Learn more about our User Device Pen Test.