Mozilla SeaMonkey < 2.22 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla SeaMonkey earlier than version 25.0 are prone to the following vulnerabilities:

- Miscellaneous use-after-free issues in the browsing engine (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)

- Memory corruption in the Javascript engine when using workers with direct proxy (CVE-2013-5602)

- Use-after-free issues when interacting with HTML templates (CVE-2013-5603)

- Security bypass via iframe injection using PDF.js (CVE-2013-5598)

- Miscellaneous memory safety issues in the browser engine (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739)

- Address spoofing in the addressbar via SELECT element, which can lead to clickjacking and other spoof attacks (CVE-2013-5593)

- Access violation due to uninitialized data in XSLT processing (CVE-2013-5604)

- Potential buffer/memory overflows in the Javascript engine (CVE-2013-5595)

- Race condition causing a crash on extremely large pages (CVE-2013-5596)

- A use-after-free issue during state change events when updating the offline cache (CVE-2013-5597)

Solution

Upgrade to SeaMonkey 2.22 or later.