Summary
This host is installed with SeaMonkey and
is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
to disclose potentially sensitive information, compromise a user's system, bypass certain security restrictions and other unknown impacts.
Impact Level: System/Application
Solution
Upgrade to SeaMonkey version 2.31 or later,
For updates refer to http://www.mozilla.com/en-US/seamonkey
Insight
Multiple flaws exist due to,
- A bad cast issue from the BasicThebesLayer to BasicContainerLayer.
- An error when parsing media content within the 'mozilla::FileBlockCache::Read' function.
- A use-after-free error when parsing certain HTML within the 'nsHtml5TreeOperation' class.
- An error that is triggered when handling JavaScript objects that are passed to XMLHttpRequest that mimics an input stream.
- An error that is triggered when handling a CSS stylesheet that has its namespace improperly declared.
- Multiple unspecified errors.
- An error when filtering object properties via XrayWrappers.
- An error when passing Chrome Object Wrappers (COW) protected chrome objects as native interfaces.
- An error when handling Content Security Policy (CSP) violation reports triggered by a redirect.
Affected
SeaMonkey version before 2.31 on Windows.
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1591, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-8631, CVE-2014-8632 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari WebKit Information Disclosure Vulnerability (Windows)
- Apache Tomcat Remote Code Execution Vulnerability - Sep14
- aMSN session hijack vulnerability (Windows)
- Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
- Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)