Summary
The host has Mozilla Seamonkey installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in remote arbitrary code execution, spoofing attacks, sensitive information disclosure, and execution of JavaScript code with the privileges of a JAR's signer.
Impact Level: System
Solution
Upgrade to Seamonkey version 1.1.10 or later
http://www.seamonkey-project.org/releases/
Insight
The issues are due to:
- multiple errors in the layout and JavaScript engines that can corrupt memory.
- an error while handling unprivileged XUL documents that can be exploited to load chrome scripts from a fastload file via <script> elements.
- an error in the mozIJSSubScriptLoader.LoadScript function that can be used to bypass XPCNativeWrappers.
- an error in the block re-flow process, which can potentially lead to a crash.
- an error in processing file URLs contained within local directory listings.
- errors in the implementation of the JavaScript same origin policy.
- errors in the verification of signed JAR files.
- an improper implementation of file upload forms, which results in uploading specially crafted DOM Range and originalTarget elements.
- an error in the Java LiveConnect implementation.
- an error in processing of Alt Names provided by a peer.
- an error in processing of Windows URL shortcuts.
Affected
Seamonkey versions prior to 1.1.10 on Windows.
References
- http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-22.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-27.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-32.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C