SeaMonkey < 2.0.5 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 800874

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of SeaMonkey earlier than 2.0.5 are potentially affected by multiple vulnerabilities :

A re-use of a freed object due to scope confusion. (MFSA 2010-25)

- Multiple crashes can result in code execution. (MFSA 2010-26)

- A use-after-free error in nsCycleCollector::MarkRoots(). (MFSA 2010-27)

- Freed object reuse across plugin instances. (MFSA 2010-28)

- A heap buffer overflow in nsGenericDOMDataNode::SetTextInternal. (MFSA 2010-29)

- An integer overflow in XSLT node sorting. (MFSA 2010-30)

The focus() behavior can be used to inject or steal keystrokes. (MFSA 2010-31)

- The 'Content-Disposition: attachment' HTTP header is ignored when 'Content-Type: multipart' is also present. (MFSA 2010-32)

It is possible to reverse engineer the value used to seed Math.random(). (MFSA 2008-33)

Solution

Upgrade to Mozilla SeaMonkey 2.0.5 or later.

SeaMonkey < 2.0.5 Multiple Vulnerabilities

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Reference Information