Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2008-6961

Date: August 13, 2009

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.

Severity Score

Related Resources (10)

http://www.securityfocus.com/bid/32363
http://www.mozilla.org/security/announce/2008/mfsa2008-59.html
https://bugzilla.mozilla.org/show_bug.cgi?id=458883
http://secunia.com/advisories/32715
http://secunia.com/advisories/32714
https://nvd.nist.gov/vuln/detail/CVE-2008-6961
https://exchange.xforce.ibmcloud.com/vulnerabilities/46734
http://www.securitytracker.com/id?1021247
https://people.canonical.com/~ubuntu-security/cve/CVE-2008-6961
https://www.mend.io/vulnerability-database/CVE-2008-6961

Severity Score

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us