PT-2014-3167 · Mozilla+3 · Thunderbird+4

Fabián Cuchietti

Publicado

2013-10-26

Atualizado

2015-08-07

CVE-2013-6674

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Thunderbird versions 17.x through 17.0.8 Mozilla Thunderbird ESR versions 17.x through 17.0.10 SeaMonkey versions prior to 2.20

Description A cross-site scripting (XSS) issue allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element.

Recommendations For Mozilla Thunderbird versions 17.x through 17.0.8, update to a version after 17.0.8 to resolve the issue. For Mozilla Thunderbird ESR versions 17.x through 17.0.10, update to a version after 17.0.10 to resolve the issue. For SeaMonkey versions prior to 2.20, update to version 2.20 or later to resolve the issue.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2013-1033

ALT-PU-2014-1201

CESA-2013_1823

CVE-2013-6674

RHSA-2013:1823

RHSA-2013_1823

Produtos afetados

Alt Linux

Centos

Thunderbird

Red Hat

Seamonkey

PT-2014-3167 · Mozilla+3 · Thunderbird+4

CVE-2013-6674

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 116