A serious vulnerability in Mozilla Thunderbird's Gecko engine allows hackers to insert malicious code into emails to exploit the recipient's browser.
A critical vulnerability affects the email client Mozilla Thunderbird 17.0.6. The popular application has a validation and filter bypass vulnerability that hackers could exploit to get around the filter that prevents HTML tags from being used in messages.
This category of vulnerabilities is very insidious: attackers could exploit it remotely to execute malicious code in the victim's browser.
“In 2013 Q3 the researcher Ateeq ur Rehman Khan from Pakistan Karachi reported a remote vulnerability in the official Mozilla Thunderbird. The issue has been reported with responsible disclosure to the official Mozilla Corporation bug bounty program. 3 years ago the same problem came up in another location of the Thunderbird software application called wiretap. The remote vulnerability has been patched in January after the verification procedure of the Mozilla Corporation in Thunderbird 24.x version,” reports the Technical Details & Description section of the advisory.
“The persistent code injection vulnerability is located within the main application,” according to the Vulnerability Lab.
(Security Affairs – Mozilla Thunderbird, hacking)