U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Discovered a serious vulnerability in Mozilla Thunderbird

A serious vulnerability inside Mozilla Thunderbird Gecko engine allows hackers to insert malicious code into Emails to exploit recipient browser. A critical vulnerability affects the email client Mozilla Thunderbird 17.0.6, the popular application has a validation and filter bypass vulnerability that could be exploited by hackers to bypass the filter that prevents HTML tags from being used in […]

Thunderbird

A serious vulnerability inside Mozilla Thunderbird Gecko engine allows hackers to insert malicious code into Emails to exploit recipient browser.

A critical vulnerability affects the email client Mozilla Thunderbird 17.0.6, the popular application has a validation and filter bypass vulnerability that could be exploited by hackers to bypass the filter that prevents HTML tags from being used in messages.

This category of vulnerabilities is very insidious, the attackers could exploit it remotely to execute malicious code in the victim’s browser.

The flaw in the Mozilla Thunderbird was discovered by Vulnerability-Lab that issued a Security Advisory, the vulnerability affects Mozilla Gecko engine. Gecko is an open source layout engine used in many applications developed by the Mozilla Foundation and the Mozilla Corporation, the security analysts discovered different Java script errors that could be exploitable by attackers. 
The default behavior for Thunderbird is to block HTML tags, including <iframe> and <script>, the engine filter them, but the hacker can bypass validation filters by encoding their payloads with base64 encryption and combine it with the <object> tag.

“In 2013 Q3 the researcher ateeq ur rehman khan from pakistan karachi reported a remote vulnerability in the official mozilla thunderbird. The issue has been reported with responsible disclosure to the official mozilla corporation bug bounty program. 3 year ago the same problem came up in another location of the thunderbird software application called wiretap. The remote vulnerability has been patched in January after the verification procedure of the mozilla corporation in thunderbird 24. x version.” is reported the Technical Details & Description section of the advisory. 

The malicious code could be injected during the email creation, as part of the body, or signature or using a signed attachment and it is triggered on the victim’s machine when a user replies to the message or forward it.
mozilla thunderbird flaw
“The persistent code injection vulnerability is located within the main application.” said the from the Vulnerability Lab
Following a video POC on the vulnerability in the Mozilla Thunderbird.

The flaw was already fixed in the last version of the open source email client (24.2.0), Mozilla Thunderbird users are warned, they must update it as soon as possible.

Pierluigi Paganini

(Security Affairs –  Mozilla Thunderbird, hacking)