MUST READ

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

 | 

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

 | 

Severe Hikvision HikCentral product flaws: What You Need to Know

 | 

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

 | 

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

 | 

Cloudflare blocked a record 11.5 Tbps DDoS attack

 | 

Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident

 | 

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

 | 

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

 | 

Crooks exploit Meta malvertising to target Android users with Brokewell

 | 

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

 | 

Fraudster stole over $1.5 million from city of Baltimore

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 60

 | 

Security Affairs newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Discovered a serious vulnerability in Mozilla Thunderbird

Pierluigi Paganini January 29, 2014

A serious vulnerability inside Mozilla Thunderbird Gecko engine allows hackers to insert malicious code into Emails to exploit recipient browser.

A critical vulnerability affects the email client Mozilla Thunderbird 17.0.6, the popular application has a validation and filter bypass vulnerability that could be exploited by hackers to bypass the filter that prevents HTML tags from being used in messages.

This category of vulnerabilities is very insidious, the attackers could exploit it remotely to execute malicious code in the victim’s browser.

The flaw in the Mozilla Thunderbird was discovered by Vulnerability-Lab that issued a Security Advisory, the vulnerability affects Mozilla Gecko engine. Gecko is an open source layout engine used in many applications developed by the Mozilla Foundation and the Mozilla Corporation, the security analysts discovered different Java script errors that could be exploitable by attackers. 
The default behavior for Thunderbird is to block HTML tags, including <iframe> and <script>, the engine filter them, but the hacker can bypass validation filters by encoding their payloads with base64 encryption and combine it with the <object> tag.

“In 2013 Q3 the researcher ateeq ur rehman khan from pakistan karachi reported a remote vulnerability in the official mozilla thunderbird. The issue has been reported with responsible disclosure to the official mozilla corporation bug bounty program. 3 year ago the same problem came up in another location of the thunderbird software application called wiretap. The remote vulnerability has been patched in January after the verification procedure of the mozilla corporation in thunderbird 24. x version.” is reported the Technical Details & Description section of the advisory. 

The malicious code could be injected during the email creation, as part of the body, or signature or using a signed attachment and it is triggered on the victim’s machine when a user replies to the message or forward it.
mozilla thunderbird flaw
“The persistent code injection vulnerability is located within the main application.” said the from the Vulnerability Lab
Following a video POC on the vulnerability in the Mozilla Thunderbird.

The flaw was already fixed in the last version of the open source email client (24.2.0), Mozilla Thunderbird users are warned, they must update it as soon as possible.

Pierluigi Paganini

(Security Affairs –  Mozilla Thunderbird, hacking)

advanced persistent threats data breach Hacking Mozilla Thunderbird patch management

you might also like

Pierluigi Paganini September 05, 2025
Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation
Read more
Pierluigi Paganini September 05, 2025
U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

Hacking / September 05, 2025

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

Breaking News / September 05, 2025

SVG files used in hidden malware campaign impersonating Colombian authorities

Malware / September 05, 2025

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

Laws and regulations / September 05, 2025

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

Cyber warfare / September 04, 2025