Mozilla Thunderbird IFRAME JavaScript Execution Vulnerability

Published by SecurityFocus’ BugTraq:
http://www.securityfocus.com/bid/16770


Mozilla Thunderbird is prone to a script-execution vulnerability.


The issue arises when an attacker sends a user a specially crafted email containing malicious script code in an IFRAME and the user tries to reply to that email. Arbitrary JavaScript can then execute even if the user has disabled JavaScript execution in the client.


Mozilla Thunderbird 1.0.7 and prior versions are reportedly affected.


Vulnerable:
Mozilla Thunderbird 1.0.7
Mozilla Thunderbird 1.0.6
Mozilla Thunderbird 1.0.5
Mozilla Thunderbird 1.0.2
Mozilla Thunderbird 1.0.1
Mozilla Thunderbird 1.0

Not Vulnerable:
Mozilla Thunderbird 1.5


Additional notes:
Reports indicate that this issue has been addressed in Thunderbird 1.5. Symantec was not able to confirm this information. Please contact the vendor for more information.
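
A mail-gateway check for the condition this advisory describes (HTML mail carrying an IFRAME), given here as an added example that is not part of the original advisory. The function names and the sample message are constructed for illustration, and the check reports every IFRAME rather than trying to recognise script content.

```python
# Added example: list IFRAME elements found in the HTML parts of an e-mail.
from email import message_from_string
from email.message import EmailMessage, Message
from html.parser import HTMLParser


class IframeFinder(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # HTMLParser lower-cases tag and attribute names
            self.iframes.append(dict(attrs))


def find_iframes(msg: Message) -> list:
    """Return one attribute dict per IFRAME in any text/html part of msg."""
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding,
        # which a substring search over the raw message would not see through.
        body = part.get_payload(decode=True) or b""
        try:
            text = body.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the header
            text = body.decode("latin-1")
        finder = IframeFinder()
        finder.feed(text)
        finder.close()
        hits.extend(finder.iframes)
    return hits


def build_sample() -> str:
    """Constructed sample: multipart mail whose HTML part is base64-encoded."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("plain-text body")
    m.add_alternative(
        '<p>hello</p><IFRAME SRC="https://example.invalid/f"></IFRAME>',
        subtype="html", cte="base64")
    return m.as_string()


if __name__ == "__main__":
    print(find_iframes(message_from_string(build_sample())))
```

A gateway could quarantine or strip flagged messages for users still on the affected 1.0.x clients.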


 
