Mozilla Seamonkey XSL Parsing Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with Mozilla Seamnkey and is prone to XSL File Parsing Vulnerability.

Impact

Successful exploitation will let the attacker cause remote code execution through a specially crafted malicious XSL file or can cause application termination at runtime. Impact Level: Application

Solution

Upgrade to Seamonkey version 1.1.16 or later. http://www.seamonkey-project.org/releases

Insight

This flaw is due to improper handling of errors encountered when transforming an XML document which can be exploited to cause memory corruption through a specially crafted XSLT code.

Affected

Mozilla Seamonkey version 1.0 to 1.1.15 on Linux.

References

http://secunia.com/advisories/34471
http://securitytracker.com/alerts/2009/Mar/1021941.html
http://www.mozilla.org/security/announce/2009/mfsa2009-12.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1169

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ClamAV get_unicode_name() Off-By-One Heap based BOF Vulnerability
Adobe Digital Edition Denial of Service Vulnerability (Mac OS X)
FreeSSHd Remote Denial of Service Vulnerability
Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Mac OS X)
CA kmxfw.sys Code Execution and DoS Vulnerabilities

Take action and discover your vulnerabilities