It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux server eus 7.5 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux server aus 7.4 |
||
redhat enterprise linux server eus 7.4 |
||
redhat enterprise linux server 6.0 |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
mozilla thunderbird |