Skip to content
appaloosa scout logo main rounded
N/A

CVE-2014-2018

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.

EPSS 0.7% percentile 72.9%

Affected tracked apps

Thunderbird
winget:Mozilla.Thunderbird
1 open

Vulnerable CPE configurations

Vendor Product Platform Versions CPE 2.3 URI
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:17.0.7:*:*:*:*:*:*:*
mozilla thunderbird Windows cpe:2.3:a:mozilla:thunderbird:17.0.8:*:*:*:*:*:*:*
View on NVD ↗