SMTP: Mozilla Thunderbird IFRAME JavaScript Remote JavaScript Execution

This signature detects the transmission of an e-mail crafted to bypass JavaScript security restrictions in Mozilla Thunderbird. This e-mail can lead to arbitrary code execution or crash the client.

Extended Description

Multiple Mozilla products are prone to a script-execution vulnerability. The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing malicious script code in an IFRAME and the user tries to reply to the mail. Arbitrary JavaScript can be executed even if the user has disabled JavaScript execution in the client. The following mozilla products are vulnerable to this issue: - Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8 - Mozilla SeaMonkey, versions prior to 1.0.1 - Mozilla Suite, versions prior to 1.7.13

Affected Products

Mozilla thunderbird

References

BugTraq: 16770

CVE: CVE-2006-0884

Short Name
SMTP:MAL:TBIRD-JAVASCRIPT
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
CVE-2006-0884 Execution IFRAME JavaScript Mozilla Remote Thunderbird bid:16770
Release Date
05/16/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Suse

Gentoo

Sun

Mozilla

Ubuntu

Mandriva

Debian

CVSS Score

9.3

Found a potential security threat?