icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Mozilla SeaMonkey 2.x < 2.3.0 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of SeaMonkey earlier than 2.3.0 are potentially affected by multiple vulnerabilities :

- An error in SVG text manipulation code createes a dangling pointer vulnerability. (CVE-2011-0084)

- Multiple unspecified memory safety issues exist. (CVE-2011-2985)

- An errir in the D2D hardware acceleration code can allow image data from one domain to be read by another domain. (CVE-2011-2986)

- An error in the ANGLE library used by the WebGL implementation can allow heap overflows, possibly leading to code execution. (CVE-2011-2987)

- An error in the shader program handling code can allow a large shader program to overflow a buffer and crash. (CVE-2011-2988)

- An unspecified error exists related to WebGL. (CVE-2011-2989)

- Two errors exist related to Content Security Policy and can lead to information disclosure. (CVE-2011-2990)

- An unspecified error exists that can allow JavaScript crashes. (CVE-2011-2991)

- An unspecified error exists that can allow the Ogg reader to crash. (CVE-2011-2992)

- An unspecified error exists that can allow unsigned JavaScript to call into a signed JAR and inherit the signed JAR's permissions and identity. (CVE-2011-2993)

Solution

Upgrade to SeaMonkey 2.3.0 or later.