CVE-2009-3385: Mozilla SeaMonkey vulnerability

CWE-264 | 5 documents | 5 sources
Severity: 7.1 HIGH (NVD)
EPSS: 1.4% (top 19.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 23
Latest update: May 2

Description

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

CVSS vector

AV:N/AC:M/C:C/I:N/A:N
Exploitability: 8.6 | Impact: 6.9

Affected Packages (1 package)

NVD: mozilla/seamonkey 1.1.18 +28

Patches

🔴Vulnerability Details

2
GHSA
GHSA-wj9q-fjc4-6whp: The mail component in Mozilla SeaMonkey before 1 | 2022-05-02
CVEList
CVE-2009-3385: The mail component in Mozilla SeaMonkey before 1 | 2010-03-22

📋Vendor Advisories

1
Red Hat
SeaMonkey scriptable plugin execution in mail (mfsa2010-06) | 2009-10-27

💬Community

1
Bugzilla
CVE-2009-3385 SeaMonkey scriptable plugin execution in mail (mfsa2010-06) | 2009-10-21