The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and previous versions allows user-assisted malicious users to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla thunderbird 1.0 |
||
mozilla thunderbird 0.7 |
||
mozilla thunderbird 0.7.1 |
||
mozilla thunderbird 0.3 |
||
mozilla thunderbird 0.4 |
||
mozilla thunderbird 0.7.2 |
||
mozilla thunderbird 0.7.3 |
||
mozilla thunderbird 0.5 |
||
mozilla thunderbird 0.6 |
||
mozilla thunderbird 1.0.1 |
||
mozilla thunderbird 1.0.2 |
||
mozilla thunderbird 1.0.5 |
||
mozilla thunderbird 0.8 |
||
mozilla thunderbird 0.9 |
||
mozilla thunderbird 1.0.6 |
||
mozilla thunderbird |
||
mozilla thunderbird 0.1 |
||
mozilla thunderbird 0.2 |