Summary
The host is installed with Mozilla Seamonkey browser and is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in bypassing certain security restrictions, information disclosures, JavaScript code executions which can be executed with the privileges of the signed users.
Impact Level: System/Application
Solution
Upgrade to Seamonkey version 1.1.15
http://www.seamonkey-project.org/releases
Insight
Multiple flaws due to,
- Vectors related to the layout engine and destruction of arbitrary layout objects by the 'nsViewManager::Composite' function.
- Cookies marked 'HTTPOnly' are readable by JavaScript through the request calls of XMLHttpRequest methods i.e. XMLHttpRequest.getAllResponseHeaders and XMLHttpRequest.getResponseHeader.
Affected
Seamonkey version prior to 1.1.15 on Windows.
References
Severity
Classification
-
CVE CVE-2009-0352, CVE-2009-0353, CVE-2009-0356, CVE-2009-0357 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities