CVE-2008-6961Sensitive Information Exposure in Mozilla Seamonkey

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 29.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedAug 13
Latest updateMay 14

Description

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/seamonkey1.1.12+15
NVDmozilla/thunderbird2.0.0.17+56

🔴Vulnerability Details

2
GHSA
GHSA-77gj-ppr3-52m7: mailnews in Mozilla Thunderbird before 22022-05-14
CVEList
CVE-2008-6961: mailnews in Mozilla Thunderbird before 22009-08-13
CVE-2008-6961 — Sensitive Information Exposure | cvebase