SeaMonkey < 1.1.14 Multiple Vulnerabilities

High Nessus Plugin ID 35220


A web browser on the remote host is affected by multiple vulnerabilities.


The installed version of SeaMonkey is earlier than 1.1.14. Such versions are potentially affected by the following security issues :

- There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-60)

- XBL bindings can be used to read data from other domains. (MFSA 2008-61)

- Sensitive data may be disclosed in an XHR response when an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a resource in a different domain. (MFSA 2008-64)

- A website may be able to access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. (MFSA 2008-65)

- Errors arise when parsing URLs with leading whitespace and control characters. (MFSA 2008-66)

- An escaped null byte is ignored by the CSS parser and treated as if it was not present in the CSS input string. (MFSA 2008-67)

- XSS and JavaScript privilege escalation are possible.
(MFSA 2008-68)


Upgrade to SeaMonkey 1.1.14 or later.

See Also

Plugin Details

Severity: High

ID: 35220

File Name: seamonkey_1114.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2008/12/17

Modified: 2017/06/12

Dependencies: 20862

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:seamonkey

Required KB Items: SeaMonkey/Version

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512

BID: 32882

OSVDB: 51284, 51285, 51286, 51287, 51288, 51291, 51292, 51293, 51294, 51295, 51296

CWE: 20, 79, 200, 264, 399