Summary
This host is installed with SeaMonkey and
is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
to disclose potentially sensitive information, compromise a user's system, bypass certain security restrictions and other unknown impacts.
Impact Level: System/Application
Solution
Upgrade to SeaMonkey version 2.31 or later,
For updates refer to http://www.mozilla.com/en-US/seamonkey
Insight
Multiple flaws exist due to,
- A bad cast issue from the BasicThebesLayer to BasicContainerLayer.
- An error when parsing media content within the 'mozilla::FileBlockCache::Read' function.
- A use-after-free error when parsing certain HTML within the 'nsHtml5TreeOperation' class.
- An error that is triggered when handling JavaScript objects that are passed to XMLHttpRequest that mimics an input stream.
- An error that is triggered when handling a CSS stylesheet that has its namespace improperly declared.
- Multiple unspecified errors.
- An error when filtering object properties via XrayWrappers.
- An error when passing Chrome Object Wrappers (COW) protected chrome objects as native interfaces.
- An error when handling Content Security Policy (CSP) violation reports triggered by a redirect.
Affected
SeaMonkey version before 2.31 on Mac OS X.
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1591, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-8631, CVE-2014-8632 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
- Apache Tomcat XML External Entity Information Disclosure Vulnerability
- Adobe Reader Plugin Signature Bypass Vulnerability (Linux)
- Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)