Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2009-3385

Опубликовано: 23 мар. 2010
Источник: ubuntu
Приоритет: medium
CVSS2: 7.1

Описание

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

РелизСтатусПримечание
dapper

DNE

devel

not-affected

2.0.4+nobinonly-0ubuntu1
hardy

released

2.0.8+build1+nobinonly-0ubuntu0.8.04.1
intrepid

ignored

end of life, was needed
jaunty

released

2.0.8+build1+nobinonly-0ubuntu0.9.04.1
karmic

released

2.0.8+build1+nobinonly-0ubuntu0.9.10.1
lucid

released

2.0.8+build1+nobinonly-0ubuntu0.10.04.1
upstream

released

1.1.19

Показывать по

Ссылки на источники

7.1 High

CVSS2

Связанные уязвимости

redhat логотип

CVE-2009-3385

redhat
около 16 лет назад

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

nvd логотип

CVE-2009-3385

nvd
больше 15 лет назад

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

debian логотип

CVE-2009-3385

debian
больше 15 лет назад

The mail component in Mozilla SeaMonkey before 1.1.19 does not properl ...

github логотип

GHSA-wj9q-fjc4-6whp

github
больше 3 лет назад

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

7.1 High

CVSS2