CVE-2009-3385 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2009-3385?

CVE-2009-3385 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3385?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Seamonkey.

Vulnerability Description

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

CVSS Score

7.1

HIGH

AV:N/AC:M/Au:N/C:C/I:N/A:N

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mozilla	Seamonkey	<= 1.1.18

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2009-3385?

CVE-2009-3385 is a vulnerability with a CVSS score of 7.1 (HIGH). The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via...

How severe is CVE-2009-3385?

CVE-2009-3385 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3385?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Seamonkey.