icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

SeaMonkey 2.x < 2.10 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple vulnerabilities.

Description

Versions of SeaMonkey 2.x earlier than 2.10 are potentially affected by the following security issues :

- An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441)

- Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938)

- Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)

- Two arbitrary DLL load issues exist related to the application update and update service functionality. (CVE-2012-1942, CVE-2012-1943)

- The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944)

- A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946)

Solution

Upgrade to SeaMonkey 2.10 or later.