Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6674Cross-site Scripting in Mozilla Seamonkey

CWE-79Cross-site Scripting8 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
47.5%
top 2.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Mozilla SeamonkeyMozilla ThunderbirdMozilla Thunderbird ESR
Timeline
PublishedFeb 17
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/thunderbird9 versions+8
NVDmozilla/thunderbird_esr11 versions+10
NVDmozilla/seamonkey2.20+69

🔴Vulnerability Details

2
GHSA
GHSA-f33f-rhvc-q7r2: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 172022-05-17
CVEList
CVE-2013-6674: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 172014-02-17

💥Exploits & PoCs

1
Exploit-DB
Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass2014-01-27

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2014-02-19
Red Hat
Mozilla: Script execution in HTML mail replies (MFSA 2014-14)2014-02-06
Red Hat
Mozilla: Script execution in HTML mail replies (MFSA 2014-14)2014-02-06

💬Community

1
Bugzilla
CVE-2013-6674 CVE-2014-2018 Mozilla: Script execution in HTML mail replies (MFSA 2014-14)2014-02-10
CVE-2013-6674 — Cross-site Scripting in Mozilla | cvebase