Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018
Reporter | Title | Published | Views | Family All 36 |
---|---|---|---|---|
![]() | Mozilla Thunderbird does not adequately restrict HTML elements in email message content | 27 Jan 201400:00 | – | cert |
![]() | CVE-2014-2018 | 17 Feb 201422:00 | – | cvelist |
![]() | CVE-2013-6674 | 17 Feb 201422:00 | – | cvelist |
![]() | SeaMonkey Multiple XSS Vulnerabilities (Feb 2014) - Windows | 19 Feb 201400:00 | – | openvas |
![]() | Mozilla Thunderbird Multiple XSS Vulnerabilities (Feb 2014) - Windows | 19 Feb 201400:00 | – | openvas |
![]() | Mozilla Thunderbird Multiple XSS Vulnerabilities (Feb 2014) - Mac OS X | 19 Feb 201400:00 | – | openvas |
![]() | Mozilla Thunderbird ESR Multiple XSS Vulnerabilities (Feb 2014) - Windows | 19 Feb 201400:00 | – | openvas |
![]() | SeaMonkey Multiple XSS Vulnerabilities (Feb 2014) - Mac OS X | 19 Feb 201400:00 | – | openvas |
![]() | Mozilla Thunderbird ESR Multiple XSS Vulnerabilities (Feb 2014) - Mac OS X | 19 Feb 201400:00 | – | openvas |
![]() | Ubuntu: Security Advisory (USN-2119-1) | 20 Feb 201400:00 | – | openvas |
Source | Link |
---|---|
bugzilla | www.bugzilla.mozilla.org/show_bug.cgi |
ubuntu | www.ubuntu.com/usn/USN-2119-1 |
packetstormsecurity | www.packetstormsecurity.com/files/124965/Mozilla-Thunderbird-Filter-Bypass.html |
securitytracker | www.securitytracker.com/id/1029773 |
seclists | www.seclists.org/fulldisclosure/2014/Jan/182 |
osvdb | www.osvdb.org/102566 |
mozilla | www.mozilla.org/security/announce/2014/mfsa2014-14.html |
kb | www.kb.cert.org/vuls/id/863369 |
securitytracker | www.securitytracker.com/id/1029774 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo