Mozilla SeaMonkey < 2.22 Multiple Vulnerabilities
PVS ID: 8045 FAMILY: Web Clients RISK: HIGH NESSUS ID:70702
Description: Synopsis :\n\nThe remote host has a web browser installed that is vulnerable to multiple attack vectors.\n\nVersions of Mozilla SeaMonkey earlier than version 25.0 are prone to the following vulnerabilities:\n\n - Miscellaneous use-after-free issues in the browsing engine (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)\n\n - Memory corruption in the Javascript engine when using workers with direct proxy (CVE-2013-5602)\n\n - Use-after-free issues when interacting with HTML templates (CVE-2013-5603)\n\n - Security bypass via iframe injection using PDF.js (CVE-2013-5598)\n\n - Miscellaneous memory safety issues in the browser engine (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739)\n\n - Address spoofing in the addressbar via SELECT element, which can lead to clickjacking and other spoof attacks (CVE-2013-5593)\n\n - Access violation due to uninitialized data in XSLT processing (CVE-2013-5604)\n\n - Potential buffer/memory overflows in the Javascript engine (CVE-2013-5595)\n\n - Race condition causing a crash on extremely large pages (CVE-2013-5596)\n\n - A use-after-free issue during state change events when updating the offline cache (CVE-2013-5597)\n\nThe detected version from the remote host was :\n %L

Solution: Upgrade to SeaMonkey 2.22 or later.


Copyright Tenable Network Security Inc. 2013