Summary
This host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser.
Impact Level: System/Application
Solution
Upgrade to SeaMonkey version to 2.14 or later,
http://www.mozilla.org/projects/seamonkey
Insight
- The 'location' property can be accessed through 'top.location' with a frame whose name attributes value is set to 'top'.
- Use-after-free error exists within the functions 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry', 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.
- An error within the 'evalInSandbox()' when handling the 'location.href' property.
- Error when rendering GIF images.
Affected
SeaMonkey version before 2.14 on Mac OS X
References
- http://secunia.com/advisories/51358
- http://securitytracker.com/id?1027791
- http://securitytracker.com/id?1027792
- http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
- http://www.osvdb.org/87581
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities - December12 (Windows)
- Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Windows)
- Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)