Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

SeaMonkey < 2.0.14 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of SeaMonkey earlier than 2.0.14 are potentially affected by multiple vulnerabilities :

Multiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)

- Multiple dangling pointer vulnerabilities exist. (MFSA2011-13)

- A Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA2011-14)

- The Java Embedding Plugin (JEP) shipped with the Mac OS X versions of SeaMonkey could be exploited to obtain elevated access to resources on a user's system. (MFSA2011-15)

- The 'resource: ' protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)

- The XSLT 'generate-id()' function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)

Solution

Upgrade to SeaMonkey 2.0.14 or later.