[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Products: Script execution in HTML mail replies - mfsa2014-14

ID: oval:org.secpod.oval:def:16828Date: (C)2014-02-21   (M)2024-02-19
Class: PATCHFamily: windows




Security researcher Fabián Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an <iframe> with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it "in-line" using Thunderbird"s HTML mail editor, it would run the attached script. The running script would be restricted to the mail composition window where it could observe and potentially modify the content of the mail before it was sent. Scripts were not executed if the recipient merely viewed the mail, only if it was edited as HTML. Turning off HTML composition prevented the vulnerability and forwarding the mail "as attachment" prevented the forwarding variant. Ateeq ur Rehman Khan of Vulnerability Labs reported additional variants of this attack involving the use of the <object> tag and which could be used to attach object data types such as images, audio, or video.

Platform:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Product:
Mozilla SeaMonkey
Mozilla Thunderbird
Reference:
MFSA 2014-14
CVE-2013-6674
CVE-2014-2018
CVE    2
CVE-2014-2018
CVE-2013-6674
CPE    148
cpe:/a:mozilla:seamonkey:2.11:beta3
cpe:/a:mozilla:seamonkey:2.11:beta2
cpe:/a:mozilla:seamonkey:2.11:beta5
cpe:/a:mozilla:seamonkey:2.11:beta4
...

© SecPod Technologies