2 matches found
Thunderbird and SeaMonkey mailnews Information Disclosure Vulnerability
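BUGTRAQ ID: 32363 Thunderbird and SeaMonkey are the mail and newsgroup clients released by Mozilla. Thunderbird and SeaMonkey allow JavaScript to access the .documentURI and .textContent DOM properties, which may lead to disclosure of sensitive information in mail messages. If the recipient has JavaScript enabled in mail, then when a malicious message is forwarded to that recipient, script in the message can access the comments added by the forwarder; if the message is also allowed to load remote content, the accessed information may be leaked to the original author. Mozilla Thunderbird 2.0.0.18 Mozilla SeaMonkey...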
Script access to .documentURI and .textContent in mail — Mozilla
Mozilla developer Boris Zbarsky reported that a malicious mail message might be able to glean personal information about the recipient from the mailbox URI such as computer account name if the mail recipient has enabled JavaScript in mail. If a malicious mail is forwarded "in-line" to a recipient...