Lucene search
HistoryFeb 17, 2014 - 10:55 p.m.
CVE-2013-6674
cve-2013-6674
cross-site scripting
xss
mozilla thunderbird
thunderbird esr
seamonkey
remote attackers
html injection
data url
iframe
nvd
7.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.942 High
EPSS
Percentile
99.2%
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
Affected configurations
Node
mozillaseamonkey
ORmozillaseamonkeyRange≤2.20beta3
ORmozillaseamonkeyMatch1.0
ORmozillaseamonkeyMatch1.0alpha
ORmozillaseamonkeyMatch1.0beta
ORmozillaseamonkeyMatch1.0.1
ORmozillaseamonkeyMatch1.0.2
ORmozillaseamonkeyMatch1.0.3
ORmozillaseamonkeyMatch1.0.4
ORmozillaseamonkeyMatch1.0.5
ORmozillaseamonkeyMatch1.0.6
ORmozillaseamonkeyMatch1.0.7
ORmozillaseamonkeyMatch1.0.8
ORmozillaseamonkeyMatch1.0.9
ORmozillaseamonkeyMatch1.1
ORmozillaseamonkeyMatch1.1alpha
ORmozillaseamonkeyMatch1.1beta
ORmozillaseamonkeyMatch1.1.1
ORmozillaseamonkeyMatch1.1.2
ORmozillaseamonkeyMatch1.1.3
ORmozillaseamonkeyMatch1.1.4
ORmozillaseamonkeyMatch1.1.5
ORmozillaseamonkeyMatch1.1.6
ORmozillaseamonkeyMatch1.1.7
ORmozillaseamonkeyMatch1.1.8
ORmozillaseamonkeyMatch1.1.9
ORmozillaseamonkeyMatch1.1.10
ORmozillaseamonkeyMatch1.1.11
ORmozillaseamonkeyMatch1.1.12
ORmozillaseamonkeyMatch1.1.13
ORmozillaseamonkeyMatch1.1.14
ORmozillaseamonkeyMatch1.1.15
ORmozillaseamonkeyMatch1.1.16
ORmozillaseamonkeyMatch1.1.17
ORmozillaseamonkeyMatch1.1.18
ORmozillaseamonkeyMatch1.1.19
ORmozillaseamonkeyMatch1.5.0.8
ORmozillaseamonkeyMatch1.5.0.9
ORmozillaseamonkeyMatch1.5.0.10
ORmozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillaseamonkeyMatch2.0.2
ORmozillaseamonkeyMatch2.0.3
ORmozillaseamonkeyMatch2.0.4
ORmozillaseamonkeyMatch2.0.5
ORmozillaseamonkeyMatch2.0.6
ORmozillaseamonkeyMatch2.0.7
ORmozillaseamonkeyMatch2.0.8
ORmozillaseamonkeyMatch2.0.9
ORmozillaseamonkeyMatch2.0.10
ORmozillaseamonkeyMatch2.0.11
ORmozillaseamonkeyMatch2.0.12
ORmozillaseamonkeyMatch2.0.13
ORmozillaseamonkeyMatch2.0.14
ORmozillaseamonkeyMatch2.1
ORmozillaseamonkeyMatch2.1alpha1
ORmozillaseamonkeyMatch2.1alpha2
ORmozillaseamonkeyMatch2.1alpha3
ORmozillaseamonkeyMatch2.1beta1
ORmozillaseamonkeyMatch2.1beta2
ORmozillaseamonkeyMatch2.1beta3
ORmozillaseamonkeyMatch2.1rc1
ORmozillaseamonkeyMatch2.1rc2
ORmozillaseamonkeyMatch2.10
ORmozillaseamonkeyMatch2.10beta1
ORmozillaseamonkeyMatch2.10beta2
ORmozillaseamonkeyMatch2.10beta3
ORmozillaseamonkeyMatch2.10.1
ORmozillaseamonkeyMatch2.11
ORmozillaseamonkeyMatch2.11beta1
ORmozillaseamonkeyMatch2.11beta2
ORmozillaseamonkeyMatch2.11beta3
ORmozillaseamonkeyMatch2.11beta4
ORmozillaseamonkeyMatch2.11beta5
ORmozillaseamonkeyMatch2.11beta6
ORmozillaseamonkeyMatch2.12
ORmozillaseamonkeyMatch2.12beta1
ORmozillaseamonkeyMatch2.12beta2
ORmozillaseamonkeyMatch2.12beta3
ORmozillaseamonkeyMatch2.12beta4
ORmozillaseamonkeyMatch2.12beta5
ORmozillaseamonkeyMatch2.12beta6
ORmozillaseamonkeyMatch2.12.1
ORmozillaseamonkeyMatch2.13
ORmozillaseamonkeyMatch2.13beta1
ORmozillaseamonkeyMatch2.13beta2
ORmozillaseamonkeyMatch2.13beta3
ORmozillaseamonkeyMatch2.13beta4
ORmozillaseamonkeyMatch2.13beta5
ORmozillaseamonkeyMatch2.13beta6
ORmozillaseamonkeyMatch2.13.1
ORmozillaseamonkeyMatch2.13.2
ORmozillaseamonkeyMatch2.14
ORmozillaseamonkeyMatch2.14beta1
ORmozillaseamonkeyMatch2.14beta2
ORmozillaseamonkeyMatch2.14beta3
ORmozillaseamonkeyMatch2.14beta4
ORmozillaseamonkeyMatch2.14beta5
ORmozillaseamonkeyMatch2.15
ORmozillaseamonkeyMatch2.15beta1
ORmozillaseamonkeyMatch2.15beta2
ORmozillaseamonkeyMatch2.15beta3
ORmozillaseamonkeyMatch2.15beta4
ORmozillaseamonkeyMatch2.15beta5
ORmozillaseamonkeyMatch2.15beta6
ORmozillaseamonkeyMatch2.15.1
ORmozillaseamonkeyMatch2.15.2
ORmozillaseamonkeyMatch2.16
ORmozillaseamonkeyMatch2.16beta1
ORmozillaseamonkeyMatch2.16beta2
ORmozillaseamonkeyMatch2.16beta3
ORmozillaseamonkeyMatch2.16beta4
ORmozillaseamonkeyMatch2.16beta5
ORmozillaseamonkeyMatch2.16.1
ORmozillaseamonkeyMatch2.16.2
ORmozillaseamonkeyMatch2.17
ORmozillaseamonkeyMatch2.17beta1
ORmozillaseamonkeyMatch2.17beta2
ORmozillaseamonkeyMatch2.17beta3
ORmozillaseamonkeyMatch2.17beta4
ORmozillaseamonkeyMatch2.17.1
ORmozillaseamonkeyMatch2.18beta1
ORmozillaseamonkeyMatch2.18beta2
ORmozillaseamonkeyMatch2.18beta3
ORmozillaseamonkeyMatch2.18beta4
ORmozillaseamonkeyMatch2.19
ORmozillaseamonkeyMatch2.19beta1
ORmozillaseamonkeyMatch2.19beta2
ORmozillaseamonkeyMatch2.20beta1
ORmozillaseamonkeyMatch2.20beta2
Node
mozillathunderbirdMatch17.0
ORmozillathunderbirdMatch17.0.1
ORmozillathunderbirdMatch17.0.2
ORmozillathunderbirdMatch17.0.3
ORmozillathunderbirdMatch17.0.4
ORmozillathunderbirdMatch17.0.5
ORmozillathunderbirdMatch17.0.6
ORmozillathunderbirdMatch17.0.7
ORmozillathunderbirdMatch17.0.8
Node
mozillathunderbird_esrMatch17.0
ORmozillathunderbird_esrMatch17.0.1
ORmozillathunderbird_esrMatch17.0.2
ORmozillathunderbird_esrMatch17.0.3
ORmozillathunderbird_esrMatch17.0.4
ORmozillathunderbird_esrMatch17.0.5
ORmozillathunderbird_esrMatch17.0.6
ORmozillathunderbird_esrMatch17.0.7
ORmozillathunderbird_esrMatch17.0.8
ORmozillathunderbird_esrMatch17.0.9
ORmozillathunderbird_esrMatch17.0.10
References
osvdb.org/102566
packetstormsecurity.com/files/124965/Mozilla-Thunderbird-Filter-Bypass.html
seclists.org/fulldisclosure/2014/Jan/182
www.kb.cert.org/vuls/id/863369
www.mozilla.org/security/announce/2014/mfsa2014-14.html
www.securitytracker.com/id/1029773
www.securitytracker.com/id/1029774
www.ubuntu.com/usn/USN-2119-1
bugzilla.mozilla.org/show_bug.cgi?id=868267
Related
cert
cert
vulnerlab
vulnerlab
Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability
2014-01-26 00:00:00
Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability
2014-01-26 00:00:00
Mozilla SeaMonkey - Filter Bypass & Persistent Vulnerability
2014-01-29 00:00:00
openvas
openvas
SeaMonkey Multiple XSS Vulnerabilities (Feb 2014) - Windows
2014-02-19 00:00:00
Mozilla Thunderbird Multiple XSS Vulnerabilities (Feb 2014) - Windows
2014-02-19 00:00:00
Mozilla Thunderbird Multiple XSS Vulnerabilities (Feb 2014) - Mac OS X
2014-02-19 00:00:00
cve
cve
CVE-2014-2018
2014-02-17 22:55:05
ubuntucve
ubuntucve
CVE-2014-2018
2014-02-17 00:00:00
CVE-2013-6674
2014-02-19 00:00:00
mozilla
mozilla
Script execution in HTML mail replies — Mozilla
2014-02-06 00:00:00
prion
prion
Cross site scripting
2014-02-17 22:55:00
Cross site scripting
2014-02-17 22:55:00
cvelist
cvelist
CVE-2013-6674
2014-02-17 22:00:00
CVE-2014-2018
2014-02-17 22:00:00
nvd
nvd
CVE-2013-6674
2014-02-17 22:55:04
CVE-2014-2018
2014-02-17 22:55:05
veracode
veracode
Arbitary Code Injection
2019-05-02 05:00:42
nessus
nessus
Oracle Linux 6 : thunderbird (ELSA-2013-1823)
2013-12-12 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2119-1)
2014-02-20 00:00:00
RHEL 5 / 6 : thunderbird (RHSA-2013:1823)
2013-12-12 00:00:00
redhat
redhat
(RHSA-2013:1823) Important: thunderbird security update
2013-12-11 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2014-02-19 00:00:00
centos
centos
thunderbird security update
2013-12-11 23:13:52
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-02-10 00:00:00
7.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.942 High
EPSS
Percentile
99.2%
Related for CVE-2013-6674