CVE-2008-6961
Published: 13 August 2009
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.
Priority
Status
Package | Release | Status |
---|---|---|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
upstream |
Needs triage
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(1.1.15+nobinonly-0ubuntu0.8.04.2)
|
|
intrepid |
Released
(1.1.15+nobinonly-0ubuntu0.8.10.2)
|
|
jaunty |
Not vulnerable
(1.1.15+nobinonly-0ubuntu2)
|
|
upstream |
Released
(1.1.13)
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1)
|
|
jaunty |
Released
(2.0.0.22+build1+nobinonly-0ubuntu0.9.04.1)
|
|
upstream |
Released
(2.0.0.18)
|