SeaMonkey < 1.1.18 Multiple Vulnerabilities

High Nessus Plugin ID 40874


A web browser on the remote host is affected by multiple vulnerabilities.


The installed version of SeaMonkey is earlier than 1.1.18. Such versions are potentially affected by the following security issues :

- The browser can be fooled into trusting a malicious SSL server certificate with a null character in the host name.
(MFSA 2009-42)

- A heap overflow in the code that handles regular expressions in certificate names can lead to arbitrary code execution. (MFSA 2009-43)


Upgrade to SeaMonkey 1.1.18 or later.

See Also

Plugin Details

Severity: High

ID: 40874

File Name: seamonkey_1118.nasl

Version: $Revision: 1.14 $

Type: local

Agent: windows

Family: Windows

Published: 2009/09/04

Modified: 2017/06/12

Dependencies: 20862

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:seamonkey

Required KB Items: SeaMonkey/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/09/03

Vulnerability Publication Date: 2009/07/30

Reference Information

CVE: CVE-2009-2404, CVE-2009-2408

BID: 35888, 35891

OSVDB: 56723, 56724, 64070

Secunia: 36125

CWE: 119, 310