Back to search
CVE-2013-6674
Published: Feb 17, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-2119-1
vendor-advisory
x_refsource_UBUNTU
20140127 Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability
mailing-list
x_refsource_FULLDISC
102566
vdb-entry
x_refsource_OSVDB
1029773
vdb-entry
x_refsource_SECTRACK
http://www.mozilla.org/security/announce/2014/mfsa2014-14.html
x_refsource_CONFIRM
VU#863369
third-party-advisory
x_refsource_CERT-VN
1029774
vdb-entry
x_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=868267
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now