Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-r5wp-hg7f-vr2m

Опубликовано: 17 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.

Ссылки

EPSS

Процентиль: 72%
0.00734
Низкий

CVE ID

CVE-2014-2018

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2014-2018

ubuntu
больше 11 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.

redhat логотип

CVE-2014-2018

redhat
больше 11 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.

nvd логотип

CVE-2014-2018

nvd
больше 11 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.

debian логотип

CVE-2014-2018

debian
больше 11 лет назад

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x t ...

fstec логотип

BDU:2014-00303

fstec
больше 11 лет назад

Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику внедрить произвольный веб-сценарий или HTML-код

EPSS

Процентиль: 72%
0.00734
Низкий

CVE ID

CVE-2014-2018

Дефекты

CWE-79