Mozilla Thunderbird < 17.0.8 XSS
Medium Nessus Network Monitor Plugin ID 8273
Synopsis
The remote host has a mail client installed that is vulnerable to multiple cross-site scripting (XSS) attacks.
Description
Versions of Mozilla Thunderbird prior to 17.0.8 are affected by the following vulnerabilities:
- A flaw exists because the program does not validate URLs in IFRAME elements before returning them to users. (OSVDB 102566)
- A flaw exists because the program does not validate input when handling a specially crafted EMBED or OBJECT element. (OSVDB 103429)
These vulnerabilities may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Solution
Upgrade to Thunderbird 17.0.8 or later.