CVE-2009-3385

HIGH

Description

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

References

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://secunia.com/advisories/39001

http://www.mozilla.org/security/announce/2010/mfsa2010-06.html

http://www.securityfocus.com/bid/38830

http://www.vupen.com/english/advisories/2010/0648

https://bugzilla.mozilla.org/show_bug.cgi?id=371976

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10271

Details

Source: MITRE

Published: 2010-03-23

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 1.1.18 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 67949 | Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1531) | Nessus | Oracle Linux Local Security Checks | critical |
| 46687 | openSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1) | Nessus | SuSE Local Security Checks | critical |
| 46686 | openSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1) | Nessus | SuSE Local Security Checks | critical |
| 46685 | SuSE9 Security Update : epiphany (YOU Patch Number 12616) | Nessus | SuSE Local Security Checks | critical |
| 45114 | FreeBSD : mozilla -- multiple vulnerabilities (56cfe192-329f-11df-abb2-000f20797ede) | Nessus | FreeBSD Local Security Checks | critical |
| 5479 | SeaMonkey < 1.1.19 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 45111 | SeaMonkey < 1.1.19 Multiple Vulnerabilities | Nessus | Windows | high |
| 42296 | CentOS 3 / 4 : seamonkey (CESA-2009:1531) | Nessus | CentOS Local Security Checks | critical |
| 42288 | RHEL 3 / 4 : seamonkey (RHSA-2009:1531) | Nessus | Red Hat Local Security Checks | critical |