5/16/2023

Wiretap anywhere alternative

Researcher Notification
Vendor Notification (Mozilla - Security Incident Team)
Vendor Response/Feedback (Mozilla - Security Incident Team)
Vendor Fix/Patch (Mozilla - Developer Team)
Public Disclosure (Vulnerability Laboratory)

Product: Thunderbird - EMail Application 17.0.6

It has been discovered that the security controls / filters currently used in the Mozilla Thunderbird application can be easily evaded if an attacker encodes the payloads with base64 and combines them with the tag. During testing, it was initially noticed that malicious JavaScript tags were being filtered / blocked in the Thunderbird application; however, attaching a debugger to the Thunderbird.exe file revealed some very interesting information and gave much better insight into the actual working of the application. Most of the information revealed was JavaScript errors, which gave the researcher much hope in believing that the application might actually be vulnerable.

By default, HTML tags like and are blocked in Thunderbird and get filtered immediately upon insertion; however, while drafting a new email message, attackers can easily bypass the current input filters by encoding their payloads with base64 and using the tag, and insert malicious scripts / code, e.g. (script / frame), within the emails and send them to the victims.

After successfully bypassing the input filters, an attacker can inject persistent script code while writing a new email and send it to victims. The exploit gets triggered once the victim decides to reply back and clicks on the 'Reply' or 'Forward' buttons. Interestingly, the payload gets filtered during the initial viewing mode; however, if the victim clicks on Reply or Forward, the exploit gets executed successfully.

For a PoC I will be including multiple examples in this advisory for your review. I was able to run multiple scripts generating strange behaviour in the application, which can be seen in the debugging errors which I have attached along with this report.

These sorts of vulnerabilities can result in multiple attack vectors on the client end, which may eventually result in complete compromise of the end user system.

Exploitation of this persistent application vulnerability requires low or medium user interaction. The persistent code injection vulnerability is located within the main application. Successful exploitation of the vulnerability may result in malicious script code being executed in the victim's browser, resulting in script code injection, persistent phishing, client-side redirects and similar client-side attacks.

Mozilla Thunderbird 17.0.6 - Latest Release
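An added defensive example (not from the advisory or from Mozilla's code): decode base64 attribute bodies before applying the tag filter, so encoded markup is judged on what it decodes to, and call the same check on the view, Reply and Forward paths. It assumes the encoded payload is carried in a `data:` URI attribute value, which the page does not state; the `x-carrier` tag in the constructed sample and all function names are hypothetical.

```python
import base64
import re
from html.parser import HTMLParser

# Markup the filter is meant to block, after the page's "(script / frame)".
BLOCKED = re.compile(rb"<\s*(script|i?frame)\b", re.IGNORECASE)
# Assumption: the base64 payload rides in a data: URI attribute value.
DATA_URI = re.compile(r"\s*data:[^,]*;base64,(.*)", re.IGNORECASE | re.DOTALL)
MAX_DEPTH = 3  # bound on nested encodings


class EncodedMarkupFinder(HTMLParser):
    """Records (tag, attribute, reason) for attributes hiding blocked markup."""

    def __init__(self, depth=0):
        super().__init__()
        self.depth = depth
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            m = DATA_URI.match(value or "")
            if not m:
                continue
            body = re.sub(r"\s+", "", m.group(1))
            try:
                decoded = base64.b64decode(body + "=" * (-len(body) % 4))
            except ValueError:  # includes binascii.Error
                self.findings.append((tag, name, "undecodable base64"))
                continue
            if BLOCKED.search(decoded):
                self.findings.append((tag, name, "blocked tag after decoding"))
            elif self.depth >= MAX_DEPTH:
                self.findings.append((tag, name, "nesting too deep"))
            else:  # the decoded body may itself carry an encoded attribute
                inner = scan_message_html(decoded.decode("utf-8", "replace"), self.depth + 1)
                self.findings.extend((tag, name, "nested: " + r) for _, _, r in inner)


def scan_message_html(html, depth=0):
    """Run on every path that renders the body: view, Reply and Forward."""
    finder = EncodedMarkupFinder(depth)
    finder.feed(html)
    finder.close()
    return finder.findings


def constructed_sample(inner=b"<script>/* constructed marker */</script>"):
    """Constructed test message; the x-carrier tag name is a placeholder."""
    b64 = base64.b64encode(inner).decode("ascii")
    return '<p>hello</p><x-carrier src="data:text/html;base64,%s"></x-carrier>' % b64
```

A non-empty result from `scan_message_html` means the message should be sanitized or rendered as plain text before it reaches either the viewer or the compose window.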