Summary
Seamonkey is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in remote arbitrary JavaScript code execution, spoofing attacks, sensitive information disclosure, and denial of service.
Impact Level: System/Application
Solution
Upgrade to Firefox version 1.1.17
http://www.seamonkey-project.org/releases/
Insight
- An error in the js/src/xpconnect/src/xpcwrappedjsclass.cpp file allows an attacker to execute arbitrary web script.
- Multiple errors in the layout and JavaScript engines that can corrupt memory.
- An error in the location bar, when used as part of an IDN, due to certain invalid Unicode characters being displayed as whitespace.
- An error when handling a non-200 response returned by a proxy in reply to a CONNECT request, which could cause the body of the response to be rendered within the context of the request 'Host:' header.
- An error when handling event listeners attached to an element whose owner document is null.
- A 'file:' resource inherits the principal of the previously loaded document when loaded via the location, which allows unauthorized access to local files.
- Content-loading policies are not checked before external script files are loaded into XUL documents, which could be exploited to bypass restrictions.
- An error exists via vectors involving 'double frame construction.'
- An error exists in the JavaScript engine via vectors related to js_LeaveSharpObject, ParseXMLSource, and a certain assertion in jsinterp.c.
Affected
Firefox versions prior to 1.1.17 on Windows.
References
- http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
- http://www.vupen.com/english/advisories/2009/1572
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1838, CVE-2009-1840, CVE-2009-1841
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C