Mozilla Products: Script execution in HTML mail replies - mfsa2014-14 (Mac OS X)ID: oval:org.secpod.oval:def:16831 | Date: (C)2014-02-21 (M)2024-02-19 |
Class: PATCH | Family: macos |
Security researcher Fabiaacute;n Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an lt;iframegt; with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it quot;in-linequot; using Thunderbird"s HTML mail editor, it would run the attached script. The running script would be restricted to the mail composition window where it could observe and potentially modify the content of the mail before it was sent. Scripts were not executed if the recipient merely viewed the mail, only if it was edited as HTML. Turning off HTML composition prevented the vulnerability and forwarding the mail quot;as attachmentquot; prevented the forwarding variant. Ateeq ur Rehman Khan of Vulnerability Labs reported additional variants of this attack involving the use of the lt;objectgt; tag and which could be used to attach object data types such as images, audio, or video.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.12 |
Apple Mac OS X 10.13 |
Apple Mac OS X Server 10.8 |
Apple Mac OS X Server 10.9 |
Apple Mac OS X Server 10.10 |
Product: |
Mozilla SeaMonkey |
Mozilla Thunderbird |