Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name: CVE-2013-6674 First vendor Publication: 2014-02-17
Vendor: Cve Last vendor Modification: 2015-08-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA Environmental Score: NA
Impact SubScore: NA Temporal Score: NA
Exploitability SubScore: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3 Attack Range: Network
Cvss Impact Score: 2.9 Attack Complexity: Medium
Cvss Exploit Score: 8.6 Authentication: None Required

Detail

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6674

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22122
 
Oval ID: oval:org.mitre.oval:def:22122
Title: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data
Description: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
Family: windows Class: vulnerability
Reference(s): CVE-2013-6674
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Id: oval:org.mitre.oval:def:23547
 
Oval ID: oval:org.mitre.oval:def:23547
Title: DEPRECATED: ELSA-2013:1823: thunderbird security update (Important)
Description: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
Family: unix Class: patch
Reference(s): ELSA-2013:1823-04
CVE-2013-0772
CVE-2013-5609
CVE-2013-5612
CVE-2013-5613
CVE-2013-5614
CVE-2013-5616
CVE-2013-5618
CVE-2013-6671
CVE-2013-6674
Version: 42
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): thunderbird
Definition Id: oval:org.mitre.oval:def:23580
 
Oval ID: oval:org.mitre.oval:def:23580
Title: ELSA-2013:1823: thunderbird security update (Important)
Description: Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
Family: unix Class: patch
Reference(s): ELSA-2013:1823-04
CVE-2013-0772
CVE-2013-5609
CVE-2013-5612
CVE-2013-5613
CVE-2013-5614
CVE-2013-5616
CVE-2013-5618
CVE-2013-6671
CVE-2013-6674
Version: 41
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): thunderbird
Definition Id: oval:org.mitre.oval:def:24272
 
Oval ID: oval:org.mitre.oval:def:24272
Title: USN-2119-1 -- thunderbird vulnerabilities
Description: Several security issues were fixed in Thunderbird.
Family: unix Class: patch
Reference(s): USN-2119-1
CVE-2014-1477
CVE-2014-1479
CVE-2014-1482
CVE-2014-1486
CVE-2014-1487
CVE-2014-1490
CVE-2014-1491
CVE-2014-1481
CVE-2013-6674
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Product(s): thunderbird

CPE : Common Platform Enumeration

Type Description Count
Application 197
Application 9
Application 11

Snort® IPS/IDS

Date Description
2019-10-08 Mozilla Thunderbird input filter bypass cross site scripting attempt
RuleID : 51405 - Revision : 1 - Type : SERVER-MAIL

Nessus® Vulnerability Scanner

Date Description
2014-02-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2119-1.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-1823.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO
2013-09-19 Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_24_0.nasl - Type : ACT_GATHER_INFO
2013-09-19 Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_24.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Windows host contains a web browser that is potentially affected b...
File : seamonkey_220.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CERT-VN http://www.kb.cert.org/vuls/id/863369
CONFIRM http://www.mozilla.org/security/announce/2014/mfsa2014-14.html
https://bugzilla.mozilla.org/show_bug.cgi?id=868267
FULLDISC http://seclists.org/fulldisclosure/2014/Jan/182
MISC http://packetstormsecurity.com/files/124965/Mozilla-Thunderbird-Filter-Bypass...
OSVDB http://osvdb.org/102566
SECTRACK http://www.securitytracker.com/id/1029773
http://www.securitytracker.com/id/1029774
UBUNTU http://www.ubuntu.com/usn/USN-2119-1

Alert History

Date Information
2021-05-04 12:28:44
  • Multiple Updates
2021-04-22 01:34:51
  • Multiple Updates
2020-05-24 01:12:51
  • Multiple Updates
2020-05-23 00:38:54
  • Multiple Updates
2017-11-21 12:04:52
  • Multiple Updates
2016-06-28 19:48:45
  • Multiple Updates
2016-04-26 23:54:01
  • Multiple Updates
2015-08-13 17:28:43
  • Multiple Updates
2015-08-07 21:26:26
  • Multiple Updates
2015-05-19 09:26:06
  • Multiple Updates
2014-11-11 13:25:56
  • Multiple Updates
2014-11-08 13:31:25
  • Multiple Updates
2014-03-06 13:24:08
  • Multiple Updates
2014-02-21 17:19:48
  • Multiple Updates
2014-02-21 13:21:08
  • Multiple Updates
2014-02-20 13:21:47
  • Multiple Updates
2014-02-19 00:19:20
  • Multiple Updates
2014-02-18 13:21:29
  • First insertion