CVE-2013-6674

Mozilla Seamonkey < 2.20 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textdosmultiple

https://www.exploit-db.com/exploits/31223

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] http://osvdb.org/102566

[Exploit] http://packetstormsecurity.com/files/124965/Mozilla-Thunderbird-Filter-Bypass.html

[Exploit] http://seclists.org/fulldisclosure/2014/Jan/182

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/863369

[Vendor Advisory] http://www.mozilla.org/security/announce/2014/mfsa2014-14.html

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2119-1

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=868267

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1029773

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1029774

Scores

EPSS 0.4753

EPSS Percentile 97.7%

Details

CWE

CWE-79

Status published

Products (50)

mozilla/seamonkey

mozilla/seamonkey < 2.20

mozilla/seamonkey

mozilla/seamonkey

mozilla/seamonkey

mozilla/seamonkey

mozilla/seamonkey

mozilla/seamonkey

mozilla/seamonkey

mozilla/seamonkey

... and 40 more

Published Feb 17, 2014

Tracked Since Feb 18, 2026