CVE-2009-3385

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
mozillaseamonkey
𝑥
≤ 1.1.18
mozillaseamonkey
1.0
mozillaseamonkey
1.0:alpha
mozillaseamonkey
1.0:beta
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.4
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.1
mozillaseamonkey
1.1:alpha
mozillaseamonkey
1.1:beta
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.2
mozillaseamonkey
1.1.3
mozillaseamonkey
1.1.4
mozillaseamonkey
1.1.5
mozillaseamonkey
1.1.6
mozillaseamonkey
1.1.7
mozillaseamonkey
1.1.8
mozillaseamonkey
1.1.9
mozillaseamonkey
1.1.10
mozillaseamonkey
1.1.11
mozillaseamonkey
1.1.12
mozillaseamonkey
1.1.13
mozillaseamonkey
1.1.14
mozillaseamonkey
1.1.15
mozillaseamonkey
1.1.16
mozillaseamonkey
1.1.17
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
seamonkey
lucid
Fixed 2.0.8+build1+nobinonly-0ubuntu0.10.04.1
released
karmic
Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.10.1
released
jaunty
Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.04.1
released
intrepid
ignored
hardy
Fixed 2.0.8+build1+nobinonly-0ubuntu0.8.04.1
released
dapper
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/39001
http://www.mozilla.org/security/announce/2010/mfsa2010-06.html
http://www.securityfocus.com/bid/38830
http://www.vupen.com/english/advisories/2010/0648
https://bugzilla.mozilla.org/show_bug.cgi?id=371976
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10271
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/39001
http://www.mozilla.org/security/announce/2010/mfsa2010-06.html
http://www.securityfocus.com/bid/38830
http://www.vupen.com/english/advisories/2010/0648
https://bugzilla.mozilla.org/show_bug.cgi?id=371976
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10271