PT-2014-3167 · Mozilla+3 · Thunderbird+4

Fabián Cuchietti

Published

2013-10-26

Updated

2015-08-07

CVE-2013-6674

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Thunderbird versions 17.x through 17.0.8 Mozilla Thunderbird ESR versions 17.x through 17.0.10 SeaMonkey versions prior to 2.20

Description A cross-site scripting (XSS) issue allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element.

Recommendations For Mozilla Thunderbird versions 17.x through 17.0.8, update to a version after 17.0.8 to resolve the issue. For Mozilla Thunderbird ESR versions 17.x through 17.0.10, update to a version after 17.0.10 to resolve the issue. For SeaMonkey versions prior to 2.20, update to version 2.20 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2013-1033

ALT-PU-2014-1201

CESA-2013_1823

CVE-2013-6674

RHSA-2013:1823

RHSA-2013_1823

Affected Products

Alt Linux

Centos

Thunderbird

Red Hat

Seamonkey

PT-2014-3167 · Mozilla+3 · Thunderbird+4

CVE-2013-6674

Weakness Enumeration

Related Identifiers

Affected Products

References · 116