VULHUB ™

Mozilla Thunderbird's WYSIWYG rendering engine insufficiently filters javascript scripts. It is possible to write javascript in the SRC attribute of the IFRAME tag. This leads to execution when the email is edited (for instance when replying to the email), even if javascript is disabled in the preferences. Versions 1.0.7 and below are affected.

Mozilla Thunderbird's WYSIWYG rendering engine insufficiently filters javascript scripts. It is possible to write javascript in the SRC attribute of the IFRAME tag. This leads to execution when the email is edited (for instance when replying to the email), even if javascript is disabled in the preferences. Versions 1.0.7 and below are affected.