N/A Published on 2005-07-13

CVE-2005-2261

Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.

EPSS 4.6% percentile 89.4%

Affected tracked apps

Thunderbird

winget:Mozilla.Thunderbird

1 open

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.1:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.2:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.3:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.4:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.5:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.8:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:0.9:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*

View on NVD ↗