Mozilla Products Information Disclosure Vulnerability (Win) Network Vulnerability

Summary

The host is installed with Thunderbird/Seamonkey and is prone to Information Disclosure vulnerability.

Impact

Successful exploitation will let the attackers obtain the mailbox URI of the recipient or disclose comments placed in a forwarded email. Impact Level: Application

Solution

Upgrade to Seamonkey version 1.1.13 or later http://www.seamonkey-project.org/releases Upgrade to Thunderbird version 2.0.0.18 or later http://www.mozillamessaging.com/en-US/thunderbird/all.html

Insight

A flaw exists in the JavaScript code embedded in mailnews which can be exploited using scripts which read the '.documentURI' or '.textContent' DOM properties.

Affected

Seamonkey version prior to 1.1.13 and Thunderbird version prior to 2.0.0.18 on Windows.

References

http://secunia.com/advisories/32714
http://secunia.com/advisories/32715
http://www.mozilla.org/security/announce/2008/mfsa2008-59.html
http://xforce.iss.net/xforce/xfdb/46734

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-6961

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Mac OS X)
Apache Error Log Escape Sequence Injection
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)

Take action and discover your vulnerabilities