
Mozilla SeaMonkey 2.0.x < 2.0.13 Invalid HTTP Certificates

Medium

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of SeaMonkey earlier than 2.0.13 have an out-of-date SSL certificate blacklist. A certificate authority (CA) has revoked a number of fraudulent SSL certificates for several prominent public websites.

If an attacker can trick someone into using the affected browser and visiting a malicious site using one of the fraudulent certificates, he may be able to fool that user into believing the site is a legitimate one. In turn, the user could send credentials to the malicious site or download and install applications.

Solution

Upgrade to SeaMonkey 2.0.13 or later.
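
To find clients still running an affected build, the version rule in the title (2.0.x earlier than 2.0.13) can be applied to User-Agent strings in web proxy logs. The following is an added example, not part of the original advisory or of any scanner plugin; the log lines are constructed, the function names are hypothetical, and treating a `2.0.13pre` build as affected is an assumption.

```python
import re

FIXED = (2, 0, 13)  # first fixed release, from the Solution above
UA_RE = re.compile(r"SeaMonkey/(\d+(?:\.\d+)*)([a-z]+\d*)?")

# Constructed proxy-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Apr/2011:09:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.17) Gecko/20110123 SeaMonkey/2.0.12"',
    '10.0.0.6 - - [01/Apr/2011:09:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.18) Gecko/20110320 SeaMonkey/2.0.13"',
    '10.0.0.7 - - [01/Apr/2011:09:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux i686; rv:2.0b12) Gecko/20110222 SeaMonkey/2.1b2"',
    '10.0.0.8 - - [01/Apr/2011:09:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"',
    '10.0.0.9 - - [01/Apr/2011:09:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.18pre) Gecko/20110301 SeaMonkey/2.0.13pre"',
]

def parse_version(ua):
    """Return ((major, minor, patch), is_prerelease), or None if not SeaMonkey."""
    m = UA_RE.search(ua)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3], bool(m.group(2))

def is_affected(ua):
    """True for SeaMonkey 2.0.x builds older than 2.0.13."""
    parsed = parse_version(ua)
    if parsed is None:
        return False
    parts, prerelease = parsed
    if parts[:2] != (2, 0):
        return False  # other branches are outside this advisory's scope
    # Assumption: a pre-release of 2.0.13 predates the fixed build.
    return parts < FIXED or (parts == FIXED and prerelease)

def affected_clients(lines):
    """Map client address -> SeaMonkey token for each affected log line."""
    hits = {}
    for line in lines:
        fields = line.rsplit('"', 2)  # User-Agent is the last quoted field
        if len(fields) == 3 and is_affected(fields[1]):
            hits[line.split()[0]] = UA_RE.search(fields[1]).group(0)
    return hits
```

User-Agent strings are set by the client, so treat a match as a lead for inventory follow-up and confirm the installed version on the host.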