Vulnerability Description
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Seamonkey | <= 1.1.12 |
| Mozilla | Thunderbird | <= 2.0.0.17 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32714Vendor Advisory
- http://secunia.com/advisories/32715Vendor Advisory
- http://www.mozilla.org/security/announce/2008/mfsa2008-59.htmlVendor Advisory
- http://www.securityfocus.com/bid/32363
- http://www.securitytracker.com/id?1021247
- https://bugzilla.mozilla.org/show_bug.cgi?id=458883
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46734
- http://secunia.com/advisories/32714Vendor Advisory
- http://secunia.com/advisories/32715Vendor Advisory
- http://www.mozilla.org/security/announce/2008/mfsa2008-59.htmlVendor Advisory
- http://www.securityfocus.com/bid/32363
- http://www.securitytracker.com/id?1021247
- https://bugzilla.mozilla.org/show_bug.cgi?id=458883
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46734
FAQ
What is CVE-2008-6961?
CVE-2008-6961 is a vulnerability with a CVSS score of 4.3 (MEDIUM). mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comment...
How severe is CVE-2008-6961?
CVE-2008-6961 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6961?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Seamonkey, Mozilla Thunderbird.