Mozilla Thunderbird 17 Script Execution in HTML Mail Replies

High

Synopsis

The remote host has a web browser installed that is vulnerable to a bypass of the JavaScript execution restriction mechanism.

Description

Versions of Thunderbird earlier than 24 are unpatched against a JavaScript execution restriction bypass, which could be exploited by embedding an iframe with a data: URL within the message. Successful exploitation would require that the victim be editing (i.e., replying to or forwarding) the message in the HTML mail editor. Doing so could allow the script to observe and potentially modify the content of the email before it was sent.
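As an added example (not code from the advisory or from Mozilla), a gateway-side check in Python that walks the text/html parts of a MIME message and reports iframe elements whose src uses the data: scheme, which is the pattern this advisory describes; the sample message and its addresses are constructed for the demonstration.

```python
import email
from email import policy
from html.parser import HTMLParser


class DataUrlFrameFinder(HTMLParser):
    """Collects the src of every <iframe> whose URL uses the data: scheme."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        if tag != "iframe":
            return
        for name, value in attrs:
            if name == "src" and value and value.strip().lower().startswith("data:"):
                self.findings.append(value.strip())


def find_data_url_iframes(raw_message: bytes) -> list:
    """Return the data: iframe URLs found in any text/html part of the message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = DataUrlFrameFinder()
        finder.feed(part.get_content())  # decoded HTML body as str
        findings.extend(finder.findings)
    return findings


# Constructed multipart sample: a harmless https iframe and one data: iframe.
SAMPLE_MESSAGE = (
    b"From: sender@example.test\r\n"
    b"To: recipient@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nPlain text body.\r\n"
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b"<html><body><p>Hi</p>"
    b'<iframe src="https://example.test/page"></iframe>'
    b"<iframe SRC=' data:text/html,hello '></iframe>"
    b"</body></html>\r\n--b1--\r\n"
)

if __name__ == "__main__":
    for url in find_data_url_iframes(SAMPLE_MESSAGE):
        print("data: iframe found:", url)
```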

Solution

Upgrade to Thunderbird 24 or later.