XSS in Mozilla Seamonkey
CVE-2014-2018
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.007 (73.2th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Seamonkey — versions 1.0, 1.0.1, 1.0.2
- Mozilla Thunderbird — versions 17.0, 17.0.1, 17.0.2
- Mozilla Thunderbird_esr — versions 17.0, 17.0.1, 17.0.2
- N/a — versions n/a
Weakness classification (CWE)
References
- 1029773 (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- VU#863369 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
- cve@mitre.org (x_refsource_MISC)
- 1029774 (vdb-entry, x_refsource_SECTRACK)