Summary
The host is installed with Thunderbird/Seamonkey and is prone to Information Disclosure vulnerability.
Impact
Successful exploitation will let the attackers obtain the mailbox URI of the recipient or disclose comments placed in a forwarded email.
Impact Level: Application
Solution
Upgrade to Seamonkey version 1.1.13 or later
http://www.seamonkey-project.org/releases
Upgrade to Thunderbird version 2.0.0.18 or later
http://www.mozillamessaging.com/en-US/thunderbird/all.html
Insight
A flaw exists in the JavaScript code embedded in mailnews which can be exploited using scripts which read the '.documentURI' or '.textContent' DOM properties.
Affected
Seamonkey version prior to 1.1.13 and
Thunderbird version prior to 2.0.0.18 on Linux.
References
Severity
Classification
-
CVE CVE-2008-6961 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)
- Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
- Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)