SeaMonkey < 1.1.4 Multiple Vulnerabilities

This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.


Synopsis :

A web browser on the remote host is prone to multiple flaws.

Description :

The installed version of SeaMonkey allows unescaped URIs to be passed to
external programs, which could lead to execution of arbitrary code on the
affected host subject to the user's privileges, and could also allow
privilege escalation attacks against addons that create 'about:blank'
windows and populate them in certain ways.

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2007-23/
https://www.mozilla.org/en-US/security/advisories/mfsa2007-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2007-27/

Solution :

Upgrade to SeaMonkey 1.1.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 25842 ()

Bugtraq ID: 25053
25142

CVE ID: CVE-2007-3844
CVE-2007-3845
CVE-2007-4041

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now