Summary
This host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser.
Impact Level: System/Application
Solution
Upgrade to SeaMonkey version to 2.14 or later,
http://www.mozilla.org/projects/seamonkey
Insight
- The 'location' property can be accessed through 'top.location' with a frame whose name attributes value is set to 'top'.
- Use-after-free error exists within the functions 'nsTextEditorState::PrepareEditor', 'gfxFont::GetFontEntry', 'nsWindow::OnExposeEvent' and 'nsPlaintextEditor::FireClipboardEvent'.
- An error within the 'evalInSandbox()' when handling the 'location.href' property.
- Error when rendering GIF images.
Affected
SeaMonkey version before 2.14 on Windows
References
- http://secunia.com/advisories/51358
- http://securitytracker.com/id?1027791
- http://securitytracker.com/id?1027792
- http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
- http://www.osvdb.org/87581
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Flash Media Server Multiple Remote Security Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)