Discovered a serious vulnerability in Mozilla Thunderbird

January 29, 2014  By Pierluigi Paganini


A serious vulnerability inside Mozilla Thunderbird Gecko engine allows hackers to insert malicious code into Emails to exploit recipient browser.

A critical vulnerability affects the email client Mozilla Thunderbird 17.0.6, the popular application has a validation and filter bypass vulnerability that could be exploited by hackers to bypass the filter that prevents HTML tags from being used in messages.

This category of vulnerabilities is very insidious, the attackers could exploit it remotely to execute malicious code in the victim’s browser.

The flaw in the Mozilla Thunderbird was discovered by Vulnerability-Lab that issued a Security Advisory, the vulnerability affects Mozilla Gecko engine. Gecko is an open source layout engine used in many applications developed by the Mozilla Foundation and the Mozilla Corporation, the security analysts discovered different Java script errors that could be exploitable by attackers. 
The default behavior for Thunderbird is to block HTML tags, including <iframe> and <script>, the engine filter them, but the hacker can bypass validation filters by encoding their payloads with base64 encryption and combine it with the <object> tag.

“In 2013 Q3 the researcher ateeq ur rehman khan from pakistan karachi reported a remote vulnerability in the official mozilla thunderbird. The issue has been reported with responsible disclosure to the official mozilla corporation bug bounty program. 3 year ago the same problem came up in another location of the thunderbird software application called wiretap. The remote vulnerability has been patched in January after the verification procedure of the mozilla corporation in thunderbird 24. x version.” is reported the Technical Details & Description section of the advisory. 

The malicious code could be injected during the email creation, as part of the body, or signature or using a signed attachment and it is triggered on the victim’s machine when a user replies to the message or forward it.
mozilla thunderbird flaw
“The persistent code injection vulnerability is located within the main application.” said the from the Vulnerability Lab
Following a video POC on the vulnerability in the Mozilla Thunderbird.

The flaw was already fixed in the last version of the open source email client (24.2.0), Mozilla Thunderbird users are warned, they must update it as soon as possible.

Pierluigi Paganini

(Security Affairs –  Mozilla Thunderbird, hacking)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Sponsored Content

  • PixFuture

  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    securityaffairs

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter


More Story

Hackers used Spear Phishing attack to hack CNN Blogs

 Security analysts at Intelligence firm InterCrawler published the details of the investigation on recent attack against CNN Blogs...