2014-02-17 23:55:04 2015-08-07 19:41:45

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
IBM solidDB 6.5.12 IBM solidDB 6.1 IBM Sterling Connect:Direct 4.1.0.3 IBM Sterling Connect:Direct Browser User Interface 1.4.0.0 IBM SPSS SamplePower 3.0.1.0 IBM SPSS Modeler 14.2.0.2 (Fix Pack 2) IBM SPSS Modeler 14.0.0.1 (Fix Pack 1) IBM SPSS Collaboration and Deployment Services 6.0.0.0 IBM Storwize V3700 Sterling B2B Integrator 5.1 IBM SPSS Modeler 14.2.0.1 (Fix Pack 1) IBM SPSS Collaboration and Deployment Services 5.0.2 IBM Storwize V3700 software 6.4.1.0 IBM SPSS Modeler 14.2.0.0 IBM SPSS Data Collection 7.0 IBM SPSS Collaboration and Deployment Services 5.0.1 IBM SPSS SamplePower 3.0.1.1 IBM SPSS Modeler 14.0.0.2 (Fix Pack 2) IBM SPSS Collaboration and Deployment Services 5.0.0.3 IBM Storwize V7000 software 7.2.0.2 IBM SPSS Collaboration and Deployment Services 5.0.0.2 IBM SPSS Collaboration and Deployment Services 4.2.1.2 IBM SPSS Collaboration and Deployment Services 4.1.1.2 IBM solidDB 6.5.0.6 (Fix Pack 6) IBM Storwize V7000 software 7.2.0.1 IBM SPSS SamplePower 3.0.0.0 IBM SPSS Modeler 14.0.0.0 IBM solidDB 6.5.0.5 (Fix Pack 5) IBM Storwize V7000 software 7.2.0.0 Mozilla Thunderbird 17.0.8 (not an official CPE) IBM SPSS Data Collection 6.0.1.1 (FixPack 1) IBM SPSS Collaboration and Deployment Services 4.2.1.3 IBM SPSS Collaboration and Deployment Services 4.1.1.3 IBM SPSS Collaboration and Deployment Services 4.2.1.1 IBM Storwize V7000 Unified IBM Storwize V7000 software 7.2.0.3 IBM solidDB 4.5.168 IBM solidDB 6.0.1069 IBM Storwize V7000 software 7.1.0.7 IBM Storwize V7000 Unified Software 1.3.2.0 IBM Storwize V7000 Unified Software 1.3.0.0 IBM solidDB 4.5.173 Mozilla Thunderbird esr 17.0.9 (not an official CPE) Mozilla Thunderbird esr 17.0.8 (not an official CPE) IBM solidDB 6.1.20 IBM Storwize V3500 software 7.1.0.6 IBM solidDB 6.3.41 IBM solidDB 6.3.42 IBM SPSS Modeler 14.1.0.1 (Fix Pack 1) IBM Storwize V3500 software 7.2.0.3 IBM Storwize V3500 software 7.2.0.0 IBM Storwize V3500 software 7.2.0.1 IBM Sterling Connect:Enterprise HTTP Option 1.3.02 IBM solidDB 6.30.0044 (6.3 Fix Pack 6) IBM solidDB 6.3.44 IBM Sterling Connect:Direct Browser User Interface 1.5.0.1 IBM solidDB 6.30.0040 (6.3 Fix Pack 5) Sterling B2B Integrator 5.2 IBM Sterling Connect:Direct Browser User Interface 1.4.0.10 IBM Storwize V3500 software 7.1.0.5 IBM Storwize V3500 software 7.2.0.2 Sterling Sterling File Gateway IBM Sterling Connect:Enterprise HTTP Option 1.4.00 IBM solidDB 6.0.1066 IBM solidDB 6.0 IBM solidDB 4.5.178 IBM solidDB 6.0.1061 IBM solidDB 6.0.1060 IBM solidDB 6.0.1065 IBM solidDB 6.0.1064 IBM solidDB 6.3.31 IBM solidDB 6.3.37 (6.3 Fix Pack 3) IBM solidDB 6.3.38 IBM solidDB 6.3.33 (6.3 Fix Pack 2) IBM solidDB 6.3.34 IBM solidDB 6.3.39 IBM SPSS Collaboration and Deployment Services 5.0.0 IBM solidDB 6.3.40 IBM Sterling Secure Proxy 3.3.0.1 IBM Sterling Secure Proxy 3.2.0.0 IBM Sterling Order Management 8.5 IBM Sterling Control Center (SCC) 5.4.0.1 IBM SPSS Modeler 15.0.0.2 (Fix Pack 2) Sterling Sterling File Gateway 2.0 IBM Sterling Control Center (SCC) 5.3.0.1 IBM Sterling Connect:Direct 4.1.0.2 Sterling Sterling File Gateway 1.1 IBM Sterling Control Center (SCC) 5.3.0.4 IBM Sterling Control Center (SCC) 5.3.0 IBM Sterling Connect:Direct Browser User Interface 1.4.0.7 IBM Sterling Connect:Direct 4.1.0.1 IBM Sterling Control Center (SCC) 5.2.0.9 IBM Sterling Connect:Direct 4.1.0.0 IBM SPSS Modeler 16.0.0.0 IBM Sterling Control Center (SCC) 5.3.0.2 IBM Sterling Control Center (SCC) 5.2.0 IBM Sterling Connect:Direct Browser User Interface 1.4.0.3 Sterling B2B Integrator 5.2.4 IBM Sterling Control Center (SCC) 5.4.0 IBM Sterling Connect:Direct Browser User Interface 1.5.0.0 IBM Sterling B2B Integrator 5.2.2 IBM Sterling B2B Integrator 5.2.1 IBM Sterling Control Center (SCC) 5.3.0.3 IBM Sterling Connect:Direct Browser User Interface 1.4.0.6 IBM solidDB 4.5.167 IBM Sterling Connect:Direct Browser User Interface 1.4.0.2 IBM solidDB 6.30.0039 (6.3 Fix Pack 4) IBM solidDB 4.5.176 IBM solidDB 4.5.175 IBM solidDB 6.5.0.0 IBM solidDB 6.5.0.1 (Fix Pack 1) IBM solidDB 6.5.0.2 (Fix Pack 2) IBM SPSS Modeler 15.0.0.1 (Fix Pack 1) Sterling B2B Integrator 5.0 IBM SPSS Modeler 15.0.0.0 IBM SPSS Modeler 14.1.0.0 IBM solidDB 6.5.11 IBM SPSS Modeler 14.2.0.3 (Fix Pack 3) IBM SPSS Data Collection 6.0 IBM solidDB 6.3.56 IBM solidDB 6.3.55 IBM solidDB 6.5.0.3 (Fix Pack 4) IBM solidDB 6.5.0.3 (Fix Pack 3) IBM solidDB 6.3.48 IBM solidDB 6.3.47 IBM solidDB 6.3.52 IBM solidDB 6.3.49 IBM solidDB 6.3.54 IBM solidDB 6.3.53 IBM solidDB 6.5.0.7 (Fix Pack 7) IBM SPSS Analytic Server 1.0.0.0 IBM solidDB 7.0.0.3 IBM solidDB 6.5.14 IBM solidDB 6.5.13 IBM solidDB 7.0.0.2 IBM solidDB 7.0.0.1 IBM solidDB 7.0.0.0 IBM solidDB 7.0 IBM SPSS Collaboration and Deployment Services 4.1.1.1 IBM SPSS Analytical Decision Management 7.0.0.0 IBM SPSS Analytical Decision Management 7.0.0.1 IBM solidDB 6.3 IBM SPSS Analytical Decision Management 6.0.0.0 Mozilla Thunderbird esr 17.0.10 (not an official CPE) IBM SPSS Analytical Decision Management 6.1.0.0 IBM SPSS Analytical Decision Management 6.2.0.0 IBM solidDB 6.5.10 IBM solidDB 6.5.09 IBM solidDB 6.5.0.8 (Fix Pack 8) IBM solidDB 6.5 IBM SPSS Collaboration and Deployment Services 4.2.1 IBM SPSS Analytic Server 1.0.1.0 IBM SPSS Data Collection 6.0.1 IBM SPSS Collaboration and Deployment Services 5.0.0.1 IBM solidDB 4.5.169 IBM SPSS Modeler 16.0.0.1 (Fix Pack 1) IBM SPSS Modeler 14.1.0.2 (Fix Pack 2)