Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-6674

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-6674
Last Modified 07 Aug 2015 01:41:45
Published 17 Feb 2014 05:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-6674

Summary

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.

Vulnerable Systems

Application

  • Mozilla Seamonkey

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.10

  • Mozilla Seamonkey 1.1.11

  • Mozilla Seamonkey 1.1.12

  • Mozilla Seamonkey 1.1.13

  • Mozilla Seamonkey 1.1.14

  • Mozilla Seamonkey 1.1.15

  • Mozilla Seamonkey 1.1.16

  • Mozilla Seamonkey 1.1.17

  • Mozilla Seamonkey 1.1.18

  • Mozilla Seamonkey 1.1.19

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Seamonkey 1.1.9

  • Mozilla Seamonkey 1.5.0.10

  • Mozilla Seamonkey 1.5.0.8

  • Mozilla Seamonkey 1.5.0.9

  • Mozilla Seamonkey 2.0

  • Mozilla Seamonkey 2.0.1

  • Mozilla Seamonkey 2.0.10

  • Mozilla Seamonkey 2.0.11

  • Mozilla Seamonkey 2.0.12

  • Mozilla Seamonkey 2.0.13

  • Mozilla Seamonkey 2.0.14

  • Mozilla Seamonkey 2.0.2

  • Mozilla Seamonkey 2.0.3

  • Mozilla Seamonkey 2.0.4

  • Mozilla Seamonkey 2.0.5

  • Mozilla Seamonkey 2.0.6

  • Mozilla Seamonkey 2.0.7

  • Mozilla Seamonkey 2.0.8

  • Mozilla Seamonkey 2.0.9

  • Mozilla Seamonkey 2.1

  • Mozilla Seamonkey 2.10

  • Mozilla Seamonkey 2.10.1

  • Mozilla Seamonkey 2.11

  • Mozilla Seamonkey 2.12

  • Mozilla Seamonkey 2.12.1

  • Mozilla Seamonkey 2.13

  • Mozilla Seamonkey 2.13.1

  • Mozilla Seamonkey 2.13.2

  • Mozilla Seamonkey 2.14

  • Mozilla Seamonkey 2.15

  • Mozilla Seamonkey 2.15.1

  • Mozilla Seamonkey 2.15.2

  • Mozilla Seamonkey 2.16

  • Mozilla Seamonkey 2.16.1

  • Mozilla Seamonkey 2.16.2

  • Mozilla Seamonkey 2.17

  • Mozilla Seamonkey 2.17.1

  • Mozilla Seamonkey 2.18

  • Mozilla Seamonkey 2.19

  • Mozilla Seamonkey 2.20

  • Mozilla Thunderbird 17.0

  • Mozilla Thunderbird 17.0.1

  • Mozilla Thunderbird 17.0.2

  • Mozilla Thunderbird 17.0.3

  • Mozilla Thunderbird 17.0.4

  • Mozilla Thunderbird 17.0.5

  • Mozilla Thunderbird 17.0.6

  • Mozilla Thunderbird 17.0.7

  • Mozilla Thunderbird 17.0.8

  • Mozilla Thunderbird Esr 17.0

  • Mozilla Thunderbird Esr 17.0.1

  • Mozilla Thunderbird Esr 17.0.10

  • Mozilla Thunderbird Esr 17.0.2

  • Mozilla Thunderbird Esr 17.0.3

  • Mozilla Thunderbird Esr 17.0.4

  • Mozilla Thunderbird Esr 17.0.5

  • Mozilla Thunderbird Esr 17.0.6

  • Mozilla Thunderbird Esr 17.0.7

  • Mozilla Thunderbird Esr 17.0.8

  • Mozilla Thunderbird Esr 17.0.9


References

CERT-VN - VU#863369

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=868267

CONFIRM - http://www.mozilla.org/security/announce/2014/mfsa2014-14.html

UBUNTU - USN-2119-1

SECTRACK - 1029774

SECTRACK - 1029773

FULLDISC - 20140127 Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability

MISC - http://packetstormsecurity.com/files/124965/Mozilla-Thunderbird-Filter-Bypass.html

OSVDB - 102566


Last Updated: 27 May 2016 11:04:28