CVE-2013-6674
Published 2014-02-17
Priority P426 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 7.70% (93.8th percentile)
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
Affected
91 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | seamonkey | <= 2.19 | — |
| mozilla | seamonkey | <= 2.20 | — |
| mozilla | seamonkey | — | — |
CVSS provenance
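| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |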
GHSA
GHSA-f33f-rhvc-q7r2: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2013-6674 [MEDIUM] CWE-79 GHSA-f33f-rhvc-q7r2: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17
GHSA
GHSA-r5wp-hg7f-vr2m: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2014-2018 [MEDIUM] CWE-79 GHSA-r5wp-hg7f-vr2m: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2014-02-19·CVSS 9.8
CVE-2014-1477 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric
Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda
discovered multiple memory safety issues in Thunderbird. If a user were
tricked into opening a specially crafted message with scripting enabled,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Thunderbird. (CVE-2014-1477)
Cody Crews discovered a method to bypass System Only Wrappers. If a user
had enabled scripting, an attacker could potentially exploit this to steal
confidential data or execute code with the privileges of the user invoking
Thun
Red Hat
Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
vendor_redhat·2014-02-06·CVSS 4.3
CVE-2013-6674 [MEDIUM] Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
Statement: This issue was resolved in the version of thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 via RHSA-2013:1823.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Red Hat
Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
vendor_redhat·2014-02-06·CVSS 4.3
CVE-2014-2018 [MEDIUM] Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
Statement: This issue was resolved in the version of thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 via RHSA-2013:1823.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 5) - Affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Affected
No detection rules found.
http://osvdb.org/102566
http://packetstormsecurity.com/files/124965/Mozilla-Thunderbird-Filter-Bypass.html
http://seclists.org/fulldisclosure/2014/Jan/182
http://www.kb.cert.org/vuls/id/863369
http://www.mozilla.org/security/announce/2014/mfsa2014-14.html
http://www.securitytracker.com/id/1029773
http://www.securitytracker.com/id/1029774
http://www.ubuntu.com/usn/USN-2119-1
https://bugzilla.mozilla.org/show_bug.cgi?id=868267