Mozilla » Thunderbird » 1.5.2 : Security Vulnerabilities, CVEs, Published In 2009 (Information Leak)
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Max CVSS
7.1
EPSS Score
0.72%
Published
2009-03-05
Updated
2018-10-03
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.
Max CVSS
4.3
EPSS Score
0.44%
Published
2009-08-13
Updated
2018-10-30
2 vulnerabilities found