CVE-2008-6961

medium

Description

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46734

https://bugzilla.mozilla.org/show_bug.cgi?id=458883

http://www.securitytracker.com/id?1021247

http://www.securityfocus.com/bid/32363

http://www.mozilla.org/security/announce/2008/mfsa2008-59.html

http://secunia.com/advisories/32715

http://secunia.com/advisories/32714

Details

Source: Mitre, NVD

Published: 2009-08-13

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00651