thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

matrix-react-sdk 注入漏洞

matrix-react-sdk is a Matrix open source component for inserting the Matrix chat/voip client into web pages. matrix-react-sdk version 3.71.0 before the injection vulnerability , the vulnerability stems from the inclusion of HTML tags in the search results of plain text messages will be rendered a...