Summary
The host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to conduct cross-site scripting, clickjacking attacks or cause a denial of service or possibly execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to SeaMonkey version 2.13 or later,
For updates refer to http://www.mozilla.org/projects/seamonkey
Insight
The flaws are due to
- An error while handling navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks.
- An invalid cast when using the instance of operator on certain types of JavaScript objects.
- An error when implementing the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.
Affected
SeaMonkey versions before 2.13 on Mac OS X
References
Severity
Classification
-
CVE CVE-2012-3984, CVE-2012-3985, CVE-2012-3989, CVE-2012-5354 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)