Mozilla.Thunderbird.IFRAME.JavaScript.Execution
Description
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Affected Products
Mozilla Thunderbird 1.0.7 and earlier
Impact
Successful exploitation may lead to information disclosure (application
version, platform, user emails, user preferences, ...) or could crash the
application.
Recommended Actions
Upgrade to version 1.5.
Download page : http://www.mozilla.com/thunderbird/all.html
Direct link :
http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/1.5/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-11-25 | 16.968 | Name:Multiple. Mozilla. Products. IFRAME. JavaScript. Execution:Mozilla. Thunderbird. IFRAME. JavaScript. Execution |