DescriptionThe mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2010:013, published Mon, 14 Jun 2010 13:00:00 +0000
- openSUSE-SU-2010:0273-1, published Wed, 19 May 2010 22:08:14 +0200 (CEST)
SUSE Timeline for this CVECVE page created: Fri Jun 28 07:19:48 2013
CVE page last modified: Fri Oct 7 12:45:49 2022