Multiple Vendor Email Client JavaScript Information Leakage Vulnerability

Multiple Vendor Email Client JavaScript Information Leakage Vulnerability

A vulnerability has been discovered in multiple HTML-enabled email clients. Specifically, the problem occurs when JavaScript is fully supported by the client. By using standard JavaScript Document Object Model (DOM) access it may be possible for an attacker to log information added to emails containing the original HTML. By using other HTML and JavaScript funcitonality to transmit the information to the attacker, an attacker could monitor contents of all forwarded messages.

This issue has been confirmed to exist in multiple clients including Microsoft Outlook 2000 and Netscape Navigator 6.0.