SeaMonkey < 2.26 Multiple Vulnerabilities

High Nessus Plugin ID 73771


The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.


The installed version of SeaMonkey is a version prior to 2.26 and is, therefore, potentially affected by the following vulnerabilities:

- An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in-the-middle attacks. (CVE-2014-1492)

- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1518, CVE-2014-1519)

- An out-of-bounds read issue exists in the Web Audio feature that could lead to information disclosure.

- An out-of-bounds read issue exists when decoding certain JPG images that could lead to a denial of service. (CVE-2014-1523)

- A memory corruption issue exists due to improper validation of XBL objects that could lead to arbitrary code execution. (CVE-2014-1524)

- A use-after-free memory issue exists in the Text Track Manager during HTML video processing that could lead to arbitrary code execution. (CVE-2014-1525)

- An issue exists related to the debugger bypassing XrayWrappers that could lead to privilege escalation.

- An out-of-bounds write issue exists in the Cairo graphics library that could lead to arbitrary code execution. Note that this issue only affects Firefox 28 and SeaMonkey prior to version 2.26. (CVE-2014-1528)

- A security bypass issue exists in the Web Notification API that could lead to arbitrary code execution.

- A cross-site scripting issue exists that could allow an attacker to load a website other than the one whose URL is shown in the address bar.

- A use-after-free issue exists due to an 'imgLoader' object being freed while it is being resized. This issue could lead to arbitrary code execution. (CVE-2014-1531)

- A use-after-free issue exists during host resolution that could lead to arbitrary code execution.


Upgrade to SeaMonkey 2.26 or later.

Plugin Details

Severity: High

ID: 73771

File Name: seamonkey_2_26.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2014/04/29

Modified: 2017/12/28

Dependencies: 20862

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:seamonkey

Required KB Items: SeaMonkey/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/04/29

Vulnerability Publication Date: 2014/03/28

Reference Information

CVE: CVE-2014-1492, CVE-2014-1518, CVE-2014-1519, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532

BID: 66356, 67123, 67125, 67127, 67129, 67130, 67131, 67132, 67133, 67134, 67135, 67136, 67137

OSVDB: 104708, 106396, 106397, 106398, 106400, 106401, 106402, 106403, 106404, 106405, 106406

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990