Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2018

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2018
Last Modified 06 Aug 2015 10:50:11
Published 17 Feb 2014 05:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2018

Summary

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.

Vulnerable Systems

Application

  • Mozilla Seamonkey

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.10

  • Mozilla Seamonkey 1.1.11

  • Mozilla Seamonkey 1.1.12

  • Mozilla Seamonkey 1.1.13

  • Mozilla Seamonkey 1.1.14

  • Mozilla Seamonkey 1.1.15

  • Mozilla Seamonkey 1.1.16

  • Mozilla Seamonkey 1.1.17

  • Mozilla Seamonkey 1.1.18

  • Mozilla Seamonkey 1.1.19

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Seamonkey 1.1.9

  • Mozilla Seamonkey 1.5.0.10

  • Mozilla Seamonkey 1.5.0.8

  • Mozilla Seamonkey 1.5.0.9

  • Mozilla Seamonkey 2.0

  • Mozilla Seamonkey 2.0.1

  • Mozilla Seamonkey 2.0.10

  • Mozilla Seamonkey 2.0.11

  • Mozilla Seamonkey 2.0.12

  • Mozilla Seamonkey 2.0.13

  • Mozilla Seamonkey 2.0.14

  • Mozilla Seamonkey 2.0.2

  • Mozilla Seamonkey 2.0.3

  • Mozilla Seamonkey 2.0.4

  • Mozilla Seamonkey 2.0.5

  • Mozilla Seamonkey 2.0.6

  • Mozilla Seamonkey 2.0.7

  • Mozilla Seamonkey 2.0.8

  • Mozilla Seamonkey 2.0.9

  • Mozilla Seamonkey 2.1

  • Mozilla Seamonkey 2.10

  • Mozilla Seamonkey 2.10.1

  • Mozilla Seamonkey 2.11

  • Mozilla Seamonkey 2.12

  • Mozilla Seamonkey 2.12.1

  • Mozilla Seamonkey 2.13

  • Mozilla Seamonkey 2.13.1

  • Mozilla Seamonkey 2.13.2

  • Mozilla Seamonkey 2.14

  • Mozilla Seamonkey 2.15

  • Mozilla Seamonkey 2.15.1

  • Mozilla Seamonkey 2.15.2

  • Mozilla Seamonkey 2.16

  • Mozilla Seamonkey 2.16.1

  • Mozilla Seamonkey 2.16.2

  • Mozilla Seamonkey 2.17

  • Mozilla Seamonkey 2.17.1

  • Mozilla Seamonkey 2.18

  • Mozilla Seamonkey 2.19

  • Mozilla Thunderbird 17.0

  • Mozilla Thunderbird 17.0.1

  • Mozilla Thunderbird 17.0.2

  • Mozilla Thunderbird 17.0.3

  • Mozilla Thunderbird 17.0.4

  • Mozilla Thunderbird 17.0.5

  • Mozilla Thunderbird 17.0.6

  • Mozilla Thunderbird 17.0.7

  • Mozilla Thunderbird 17.0.8

  • Mozilla Thunderbird Esr 17.0

  • Mozilla Thunderbird Esr 17.0.1

  • Mozilla Thunderbird Esr 17.0.10

  • Mozilla Thunderbird Esr 17.0.2

  • Mozilla Thunderbird Esr 17.0.3

  • Mozilla Thunderbird Esr 17.0.4

  • Mozilla Thunderbird Esr 17.0.5

  • Mozilla Thunderbird Esr 17.0.6

  • Mozilla Thunderbird Esr 17.0.7

  • Mozilla Thunderbird Esr 17.0.8


References

CERT-VN - VU#863369

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=875818

MISC - http://www.vulnerability-lab.com/get_content.php?id=953

CONFIRM - http://www.mozilla.org/security/announce/2014/mfsa2014-14.html

SECTRACK - 1029774

SECTRACK - 1029773


Last Updated: 27 May 2016 11:04:28