Red Hat Customer Portal

Skip to main content

CVE-2009-3385

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.

Details Source

Mitre

Public Date

2009-10-27 00:00:00

Impact

Critical

Bugzilla

CVE-2009-3385 SeaMonkey scriptable plugin execution in mail (mfsa2010-06)

Bugzilla ID

530 159

CVSS Status

verified

Base Score

5.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:N

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2009:1531 2009-10-27
Red Hat Enterprise Linux 4 (seamonkey) RHSA-2009:1531 2009-10-27