CVE-2008-6961

Publication date 13 August 2009

Last updated 24 July 2024

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mozilla-thunderbird	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Ignored end of life
seamonkey	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 1.1.15+nobinonly-0ubuntu0.8.10.2
	8.04 LTS hardy	Fixed 1.1.15+nobinonly-0ubuntu0.8.04.2
	6.06 LTS dapper	Not in release
thunderbird	9.04 jaunty	Fixed 2.0.0.22+build1+nobinonly-0ubuntu0.9.04.1
	8.10 intrepid	Fixed 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release

References

Other references

https://www.cve.org/CVERecord?id=CVE-2008-6961