Mozilla : Security Vulnerabilities, CVEs, Published In February 2014 (XSS)
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.
Max CVSS
4.3
EPSS Score
0.27%
Published
2014-02-17
Updated
2016-10-04
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
Max CVSS
4.3
EPSS Score
94.20%
Published
2014-02-17
Updated
2015-08-07
2 vulnerabilities found