Summary
The host has the Mozilla Seamonkey browser installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in the bypass of certain security restrictions, information disclosure, and execution of JavaScript code with the privileges of the signed users.
Impact Level: System/Application
Solution
Upgrade to Seamonkey version 1.1.15
http://www.seamonkey-project.org/releases
Insight
The flaws are due to:
- Vectors related to the layout engine and the destruction of arbitrary layout objects by the 'nsViewManager::Composite' function.
- Cookies marked 'HTTPOnly' being readable by JavaScript through calls to the XMLHttpRequest methods XMLHttpRequest.getAllResponseHeaders and XMLHttpRequest.getResponseHeader.
Affected
Seamonkey versions prior to 1.1.15 on Linux.
References
Severity
Classification
- CVE: CVE-2009-0352, CVE-2009-0353, CVE-2009-0356, CVE-2009-0357
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C