Summary
This host is installed with SeaMonkey and
is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote
attackers to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to SeaMonkey version 2.32 or later,
For updates refer to http://www.mozilla.com/en-US/seamonkey
Insight
Multiple flaws exist due to,
- Some unspecified errors.
- An error when rendering a bitmap image by the bitmap decoder within a canvas element.
- An error when handling a request from 'navigator.sendBeacon' API interface function.
- An error when handling a '407 Proxy Authentication' response with a 'Set-Cookie' header from a web proxy.
- A use-after-free error when handling tracks within WebRTC.
- An error when handling the 'id-pkix-ocsp-nocheck' extension during verification of a delegated OCSP (Online Certificate Status Protocol) response signing certificate.
- An error when handling DOM (Document Object Model) objects with certain properties.
- Improper restriction of timeline operations by the 'mozilla::dom::AudioParamTimeline::AudioNodeInputValue' function in the Web Audio API.
Affected
SeaMonkey version before 2.32 on Mac OS X.
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
- http://secunia.com/advisories/62253
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-01
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-02
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-03
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-04
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-05
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-06
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-08
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-09
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8634, CVE-2014-8635, CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)