What is CVE-2013-6674?

CVE-2013-6674 is a vulnerability in Mozilla Seamonkey, classified under Cross-site Scripting. Published 2014-02-17.

Is CVE-2013-6674 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Mozilla Seamonkey

CVE-2013-6674

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.475 (97.8th percentile) — read the EPSS interpretation.

Affected products

Mozilla Seamonkey — versions 1.0, 1.0.1, 1.0.2
Mozilla Thunderbird — versions 17.0, 17.0.1, 17.0.2
Mozilla Thunderbird_esr — versions 17.0, 17.0.1, 17.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

USN-2119-1 (x_refsource_UBUNTU, vendor-advisory)
20140127 Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability (mailing-list, Exploit, x_refsource_FULLDISC)
102566 (x_refsource_OSVDB, vdb-entry)
1029773 (vdb-entry, x_refsource_SECTRACK)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
VU#863369 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
security@mozilla.org (Exploit, x_refsource_MISC)
1029774 (vdb-entry, x_refsource_SECTRACK)
security@mozilla.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2013-6674?: CVE-2013-6674 is a vulnerability in Mozilla Seamonkey, classified under Cross-site Scripting. Published 2014-02-17.
Is CVE-2013-6674 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.