This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.
A web browser on the remote host is affected by multiple
The installed version of SeaMonkey is earlier than 1.1.17. Such
versions are potentially affected by the following security issues :
- When an Adobe Flash file is loaded via the
'view-source:' scheme, the Flash plugin misinterprets
the origin of the content as localhost. An attacker can
leverage this to launch cross-site request forger
attacks. It is also possible to exploit this to place
cookie-like objects on victim's computers.
- An information disclosure vulnerability exists when
saving the inner frame of a web page as a file when the
outer page has POST data associated with it.
- Multiple memory corruption vulnerabilities could
potentially be exploited to execute arbitrary code.
- It may be possible for local resources loaded via
'file:' protocol to access any domain's cookies saved
on a user's system. (MFSA 2009-26)
- It may be possible to tamper with SSL data via non-200
responses to proxy CONNECT requests. (MFSA 2009-27)
- If the owner document of an element becomes null after
garbage collection, then it may be possible to execute
An attacker can potentially exploit this vulnerability
- It may be possible for scripts from page content to
run with elevated privileges. (MFSA 2009-32)
- It may be possible to crash SeaMonkey while viewing
'multipart/alternative' mail message with a
'text/enhanced' part. (MFSA 2009-33)
See also :
Upgrade to SeaMonkey 1.1.17 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Nessus Plugin ID: 39494 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now