• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Thunderbird and SeaMonkey 'mailnews' Information Disclosure Vulnerability

Mozilla Thunderbird and SeaMonkey are prone to an information-disclosure vulnerability because they allow JavaScript to access certain DOM properties.

An attacker can exploit the issue to obtain sensitive 'mailnews' information such as the computer account name. Information harvested may aid in further attacks.

Versions prior to Mozilla Thunderbird 2.0.0.18 and SeaMonkey 1.1.13 are vulnerable.