Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Thunderbird < 17.0.8 XSS



The remote host has a mail client installed that is vulnerable to multiple Cross-site scripting (XSS) attacks.


Versions of Mozilla Thunderbird prior to 17.0.8 are affected by the following vulnerabilities :

- A flaw exists because the program does not validate URLs in IFRAME elements before returning it to users. (OSVDB 102566) - A flaw exists because the program does not validate input when handling a specially crafted EMBED or OBJECT element. (OSVDB 103429)

These vulnerabilities may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.


Upgrade to Thunderbird 17.0.8 or later.