NVD

Id
50589  
Name
CVE-2009-3385  
Description
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.  
Reject
 
CVSS Version
2  
CVSS Score
7.1  
Severity
High  
CVSS Base Score
7.1  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:N/A:N)  
Pub Date
2017-01-07  
Published
2010-03-22  
Modified Date
2010-08-21  
Seq
2009-3385  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
255805 50589 CVE-2009-3385 SUSE-SR:2010:013  View
255806 50589 CVE-2009-3385 oval:org.mitre.oval:def:10271  View
255807 50589 CVE-2009-3385 http://www.mozilla.org/security/announce/2010/mfsa2010-06.html  View
255808 50589 CVE-2009-3385 38830  View
255809 50589 CVE-2009-3385 ADV-2010-0648  View
255810 50589 CVE-2009-3385 https://bugzilla.mozilla.org/show_bug.cgi?id=371976  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
38526 JVNDB-2010-004311 Mozilla SeaMonkey の mail コンポーネントにおける重要な情報を取得される脆弱性 Mozilla SeaMonkey の mail コンポーネントは、スクリプト可能なプラグインコンテンツの実行を適切に制限しないため、重要な情報を取得される脆弱性が存在します。 CVE-2009-3385 40816 CVE-2009-3385 50589 7.1 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004311.html 2010-03-16 2012-09-25 View