Mozilla Thunderbird Mail Content iframe src Validation Failure XSS

2006-02-22T09:32:01
ID OSVDB:23653
Type osvdb
Reporter Georgi Guninski(guninski@guninski.com)
Modified 2006-02-22T09:32:01

Description

Vulnerability Description

Mozilla Suite, Mozilla Seamonkey and Mozilla Thunderbird contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the javascript content of an email upon forwarding it to another email receipient. This could allow a user to create a specially crafted email that would execute arbitrary code in a user's browser with user privileges without security restrictions, leading to a loss of integrity.

Solution Description

Mozilla has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Switch to "plain text" mail composition, as this vulnerability only affects HTML mail composition (the default). On the "Composition and Addressing" tab of Thunderbird's Account Settings dialog uncheck the "Compose messages in HTML format" option to compose messages in plain text.

Short Description

Mozilla Suite, Mozilla Seamonkey and Mozilla Thunderbird contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the javascript content of an email upon forwarding it to another email receipient. This could allow a user to create a specially crafted email that would execute arbitrary code in a user's browser with user privileges without security restrictions, leading to a loss of integrity.

References:

Vendor URL: https://bugzilla.mozilla.org/show_bug.cgi?id=319858 Vendor URL: http://www.mozilla.org/security/announce/2006/mfsa2006-21.html Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1015665 Secunia Advisory ID:19811 Secunia Advisory ID:19902 Secunia Advisory ID:19823 Secunia Advisory ID:19863 Secunia Advisory ID:21033 Secunia Advisory ID:21622 Secunia Advisory ID:19941 Secunia Advisory ID:19721 Secunia Advisory ID:19821 Secunia Advisory ID:19950 Secunia Advisory ID:20051 Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html Other Advisory URL: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:078 Other Advisory URL: http://www.debian.org/security/2006/dsa-1046 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0401.html Generic Exploit URL: https://bugzilla.mozilla.org/show_bug.cgi?id=319858 CVE-2006-0884 Bugtraq ID: 16770