CVE-2008-6961

medium

Description

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.

References

http://secunia.com/advisories/32714

http://secunia.com/advisories/32715

http://www.mozilla.org/security/announce/2008/mfsa2008-59.html

http://www.securityfocus.com/bid/32363

http://www.securitytracker.com/id?1021247

https://bugzilla.mozilla.org/show_bug.cgi?id=458883

https://exchange.xforce.ibmcloud.com/vulnerabilities/46734

Details

Source: MITRE

Published: 2009-08-13

Updated: 2018-10-30

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM