N/A

When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

N/A

N/A

Mozilla Thunderbird 安全漏洞

Mozilla Thunderbird是美国Mozilla基金会的一套从Mozilla Application Suite独立出来的电子邮件客户端软件。该软件支持IMAP、POP邮件协议以及HTML邮件格式。 Mozilla Thunderbird 存在安全漏洞，该漏洞源于当收到包含iframe元素（该元素使用srcdoc属性来定义内部HTML文档）的HTML电子邮件时，嵌套文档中指定的远程对象（例如图像或视频）不会被阻止，而是访问网络，加载并显示对象。

N/A

N/A