New Search

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

oval:org.mitre.oval:def:10271

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 3
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • CentOS Linux 3
  • CentOS Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2009-3385
Product(s):