Mozilla Seamonkey Multiple Vulnerabilities-01 (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let attackers to conduct cross site scripting attacks, cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unspecified vectors. Impact Level: System/Application

Solution

Upgrade to SeaMonkey version to 2.13 or later, http://www.mozilla.org/projects/seamonkey

Insight

The flaws are due to - memory corruption issues - An error within Chrome Object Wrapper (COW) when handling the 'InstallTrigger' object can be exploited to access certain privileged functions and properties. - Use-after-free in the IME State Manager code. - combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. - Several methods of a feature used for testing (DOMWindowUtils) are not protected by existing security checks, allowing these methods to be called through script by web pages. - An error when GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties. - An issue with spoofing of the location property. - Use-after-free, buffer overflow, and out of bounds read issues. - The location property can be accessed by binary plugins through top.location and top can be shadowed by Object.define Property as well. This can allow for possible XSS attacks through plugins. - several memory safety bugs in the browser engine used in mozilla products.

Affected

SeaMonkey versions before 2.13 on Windows

References

Updated on 2015-03-25

Severity

Classification

Related Vulnerabilities

Take action and discover your vulnerabilities