Summary
This host is installed with SeaMonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to SeaMonkey version 2.24 or later,
For updates refer to http://www.mozilla.com/en-US/seamonkey
Insight
Multiple flaws are due to,
- An error when handling XML Binding Language (XBL) content scopes.
- An error when handling discarded images within the 'RasterImage' class.
- An error related to the 'document.caretPositionFromPoint()' and 'document.elementFromPoint()' functions.
- An error when handling XSLT stylesheets.
- A use-after-free error related to certain content types when used with the 'imgRequestProxy()' function.
- An error when handling web workers error messages.
- An error when terminating a web worker running asm.js code after passing an object between threads.
- A race condition error when handling session tickets within libssl.
- An error when handling JavaScript native getters on window objects.
- Additionally, a weakness exists when handling the dialog for saving downloaded files.
Affected
SeaMonkey version before 2.24 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1490, CVE-2014-1491 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)
- Adobe Air Multiple Vulnerabilities - October 12 (Windows)