Crashfr

**Name of the Vulnerable Software and Affected Versions** Mozilla Thunderbird version 1.5 **Description** The issue concerns the HTML rendering engine in Mozilla Thunderbird. When the "Block loading of remote images in mail messages" option is enabled, it fails to properly block external images from inline HTML attachments. This could allow remote attackers to obtain sensitive information, such as the application version or IP address, when the user reads the email and the external image is accessed. **Recommendations** For Mozilla Thunderbird version 1.5, consider disabling the HTML rendering engine for mail messages or avoid reading emails with inline HTML attachments until a fix is available. As a temporary workaround, disable the loading of remote images in mail messages to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PhpSlash version 0.8.0 Description: The issue allows remote attackers to modify arbitrary profiles and gain privileges. This is achieved by modifying the `author id` parameter in the `saveProfile` function. Recommendations: For PhpSlash version 0.8.0, consider restricting access to the `saveProfile` function until a patch is available, and avoid using the `author id` parameter in this function to minimize the risk of exploitation.