CVE-2008-6961

EUVD-2008-6920
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
mozillaseamonkey
𝑥
≤ 1.1.12
mozillaseamonkey
1.0
mozillaseamonkey
1.0
mozillaseamonkey
1.0
mozillaseamonkey
1.0:alpha
mozillaseamonkey
1.0:beta
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.4
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.0.99
mozillaseamonkey
1.1
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.10
mozillaseamonkey
1.1.11
mozillathunderbird
𝑥
≤ 2.0.0.17
mozillathunderbird
0.1
mozillathunderbird
0.2
mozillathunderbird
0.3
mozillathunderbird
0.4
mozillathunderbird
0.5
mozillathunderbird
0.6
mozillathunderbird
0.7
mozillathunderbird
0.7.1
mozillathunderbird
0.7.2
mozillathunderbird
0.7.3
mozillathunderbird
0.8
mozillathunderbird
0.9
mozillathunderbird
1.0
mozillathunderbird
1.0.1
mozillathunderbird
1.0.2
mozillathunderbird
1.0.3
mozillathunderbird
1.0.4
mozillathunderbird
1.0.5
mozillathunderbird
1.0.5:beta
mozillathunderbird
1.0.7
mozillathunderbird
1.0.8
mozillathunderbird
1.5
mozillathunderbird
1.5:beta2
mozillathunderbird
1.5.0.1
mozillathunderbird
1.5.0.2
mozillathunderbird
1.5.0.3
mozillathunderbird
1.5.0.4
mozillathunderbird
1.5.0.5
mozillathunderbird
1.5.0.6
mozillathunderbird
1.5.0.7
mozillathunderbird
1.5.0.8
mozillathunderbird
1.5.0.9
mozillathunderbird
1.5.0.10
mozillathunderbird
1.5.0.11
mozillathunderbird
1.5.0.12
mozillathunderbird
1.5.0.13
mozillathunderbird
1.5.0.14
mozillathunderbird
1.5.1
mozillathunderbird
1.5.2
mozillathunderbird
1.7.1
mozillathunderbird
1.7.3
mozillathunderbird
2.0
mozillathunderbird
2.0.0.0
mozillathunderbird
2.0.0.1
mozillathunderbird
2.0.0.2
mozillathunderbird
2.0.0.3
mozillathunderbird
2.0.0.4
mozillathunderbird
2.0.0.5
mozillathunderbird
2.0.0.6
mozillathunderbird
2.0.0.7
mozillathunderbird
2.0.0.8
mozillathunderbird
2.0.0.9
mozillathunderbird
2.0.0.11
mozillathunderbird
2.0.0.12
mozillathunderbird
2.0.0.13
mozillathunderbird
2.0.0.14
mozillathunderbird
2.0.0.15
mozillathunderbird
2.0.0.16
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mozilla-thunderbird
dapper
ignored
hardy
dne
intrepid
dne
jaunty
dne
seamonkey
dapper
dne
hardy
Fixed 1.1.15+nobinonly-0ubuntu0.8.04.2
released
intrepid
Fixed 1.1.15+nobinonly-0ubuntu0.8.10.2
released
jaunty
not-affected
thunderbird
dapper
dne
hardy
Fixed 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1
released
jaunty
Fixed 2.0.0.22+build1+nobinonly-0ubuntu0.9.04.1
released
Common Weakness Enumeration
References
http://secunia.com/advisories/32714
http://secunia.com/advisories/32715
http://www.mozilla.org/security/announce/2008/mfsa2008-59.html
http://www.securityfocus.com/bid/32363
http://www.securitytracker.com/id?1021247
https://bugzilla.mozilla.org/show_bug.cgi?id=458883
https://exchange.xforce.ibmcloud.com/vulnerabilities/46734
http://secunia.com/advisories/32714
http://secunia.com/advisories/32715
http://www.mozilla.org/security/announce/2008/mfsa2008-59.html
http://www.securityfocus.com/bid/32363
http://www.securitytracker.com/id?1021247
https://bugzilla.mozilla.org/show_bug.cgi?id=458883
https://exchange.xforce.ibmcloud.com/vulnerabilities/46734