EUVD-2009-3367

Malware in sbrugna...

SUSE CVE-2009-3385

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...

SUSE CVE-2012-4540

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly execute arbitrary cod...

Information Disclosure

seamonkey is vulnerable to information disclosure. The scriptable plugin content allows remote attackers to obtain confidential information via malicious content in an IFRAME element in an HTML email message...

SuSE9 Security Update : epiphany (YOU Patch Number 12616)

This update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues. The following security issues are fixed : - Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be...

Mozilla Foundation Security Advisory 2010-06

You are here: Security Center Mozilla Foundation Security Advisories MFSA 2010-06 Mozilla Foundation Security Advisory 2010-06 Title: Scriptable plugin execution in SeaMonkey mail Impact: Critical Announced: March 16, 2010 Reporter: Georgi Guninski Products: SeaMonkey Fixed in: SeaMonkey 1.1.19...

CVE-2009-3385

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...

CVE-2009-3385

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...

CVE-2009-3385

CVE-2009-3385 affects Mozilla SeaMonkey prior to 1.1.19. The vulnerability lies in the mail/HTML rendering component where scriptable plugin content (e.g., Flash) could be loaded and executed inside an iframe in HTML emails. This could allow a user-assisted attacker to access sensitive data or lo...

Mozilla SeaMonkey < 1.1.19 Multiple Vulnerabilities

Binary data 801348.prm...

SeaMonkey < 1.1.19 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 1.1.19. Such versions are potentially affected by the following security issues : - The columns of a XUL tree element can be manipulated in a particular way that would leave a pointer owned by the column pointing to freed memory. MFSA 2009-49 - A...

SeaMonkey < 1.1.19 Multiple Vulnerabilities

Binary data 5479.prm...

Scriptable plugin execution in SeaMonkey mail — Mozilla

Security researcher Georgi Guninski reported that scriptable plugin content, such as Flash objects, could be loaded and executed in SeaMonkey mail messages by embedding the content in an iframe inside the message. If a user were to reply to or forward such a message, malicious JavaScript embedded...

SeaMonkey scriptable plugin execution in mail (mfsa2010-06)

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...