Mozilla Thunderbird vulnerability
Mozilla Thunderbird vulnerability allows hackers to Insert malicious code into Emails. According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user’s machine.
Mozilla Thunderbird 17.0.6 email application is vulnerable to critical validation and filter bypass vulnerability, enables an attacker to bypass the filter that prevents HTML tags from being used in messages.
According to a Security Advisory released by Vulnerability-Lab, the flaw resides in Mozilla’s Gecko engine. During the testing, the researchers found many java script errors which gave the researcher much hope in believing that the application might actually be vulnerable.
The malicious code can be injected while creating a new message, inside the email signature or use the attached file with Signature.