icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Mozilla Thunderbird < 1.5.0.13 Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to a script injection attack.

Description

The remote version of Mozilla Thunderbird suffers from a flaw in the way that it handles 'about:blank' Javascript code. An attacker exploiting this flaw would need to be able to convince a Thunderbird user to open an email that populated 'about:blank' with malicious Javascript code. Successful exploitation would result in the attacker executing arbitrary Javascript on the local machine.

Solution

Upgrade to version 1.5.0.13 or higher.