Description
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
Exploits (1)
exploitdb
WORKING POC
by Vulnerability-Lab · textdosmultiple
https://www.exploit-db.com/exploits/31223
References (9)
Core 9
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2119-1
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jan/182
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102566
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029773
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2014/mfsa2014-14.html
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/863369
Exploit x_refsource_misc
http://packetstormsecurity.com/files/124965/Mozilla-Thunderbird-Filter-Bypass.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029774
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=868267
Scores
EPSS
0.4753
EPSS Percentile
97.7%
Details
CWE
CWE-79
Status
published
Products (39)
mozilla/seamonkey
mozilla/seamonkey
1.0 (3 CPE variants)
mozilla/seamonkey
1.0.1
mozilla/seamonkey
1.0.2
mozilla/seamonkey
1.0.3
mozilla/seamonkey
1.0.4
mozilla/seamonkey
1.0.5
mozilla/seamonkey
1.0.6
mozilla/seamonkey
1.0.7
mozilla/seamonkey
1.0.8
... and 29 more
Published
Feb 17, 2014
Tracked Since
Feb 18, 2026