4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
8 High
AI Score
Confidence
High
0.942 High
EPSS
Percentile
99.2%
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
osvdb.org/102566
packetstormsecurity.com/files/124965/Mozilla-Thunderbird-Filter-Bypass.html
seclists.org/fulldisclosure/2014/Jan/182
www.kb.cert.org/vuls/id/863369
www.mozilla.org/security/announce/2014/mfsa2014-14.html
www.securitytracker.com/id/1029773
www.securitytracker.com/id/1029774
www.ubuntu.com/usn/USN-2119-1
bugzilla.mozilla.org/show_bug.cgi?id=868267