SeaMonkey 2.x < 2.13 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6603

Synopsis

The remote host has a web browser installed that is vulnerable to multiple vulnerabilities.

Description

Versions of SeaMonkey 2.x prior to 2.13 are potentially affected by the following security issues :

- Multiple memory-corruption vulnerabilities in the browser engine exist which could lead to arbitrary code execution. (CVE-2012-3982, CVE-2012-3983, CVE-2012-4191)
- A URI-spoofing vulnerability exists due to an error when handling the '<select>' dropdown menu. This issue can be exploited to display arbitrary content while showing the URL of another site. An attacker can also exploit this issue to cause click jacking attacks. (CVE-2012-3984)
- A security-bypass vulnerability exists because it fails to properly enforce the same-origin policy. Specifically, the error occurs when handling 'document.domain'. An attacker can exploit this issue to execute cross-site scripting attacks. (CVE-2012-3985)
- Multiple security bypass vulnerabilities exist in the 'nsDOMWindowUtils' methods. (CVE-2012-3986)
- A use-after-free issue occurs when invoking full screen mode and navigating backwards in history. (CVE-2012-3988)
- A denial-of-service vulnerability exists due to an invalid cast error. Specifically, this issue occurs when using the instanceof operator on certain JavaScript objects. (CVE-2012-3989)
- A security-bypass vulnerability exists because it fails to properly enforce the cross-origin policy. Specifically, this issue occurs when invoking the 'GetProperty()' function through JSAPI. An attacker can exploit this issue to perform arbitrary code-execution. (CVE-2012-3991)
- A cross-site scripting vulnerability exists because it fails to sufficiently sanitize user-supplied input. Specifically, this issue occurs when handling the 'location' property through binary plugins. (CVE-2012-3994)
- A security-bypass vulnerability exists because of an error in the Chrome Object Wrapper (COW) when handling the 'InstallTrigger' object. An attacker can exploit this issue to access certain privileged functions and properties. (CVE-2012-4184, CVE-2012-3993)
- An arbitrary code-execution occurs when handling the 'location.hash' property and history navigation. (CVE-2012-3992)
- An out-of-bounds read error affects the 'IsCSSWordSpacingSpace()' function. (CVE-2012-3995)
- A use-after-free error affects the 'nsHTMLCSSUtils::CreateCSSPropertyTxn()' function. (CVE-2012-4179)
- A heap-based buffer-overflow vulnerability exists in the 'nsHTMLEditor::IsPrevCharInNodeWhitespace()' function. (CVE-2012-4180)
- A use-after-free error affects the 'nsSMILAnimationController::DoSample()' function. (CVE-2012-4181)
- A use-after-free error affects the 'nsTextEditRules::WillInsert()' function. (CVE-2012-4182)
- A use-after-free error affects the 'DOMSVGTests::GetRequiredFeatures()' function. (CVE-2012-4183)
- A buffer-overflow vulnerability exists in the 'nsCharTraits::length()' function. (CVE-2012-4185)
- A heap-based buffer-overflow vulnerability exists in the 'nsWaveReader::DecodeAudioData()" function. (CVE-2012-4186)
- A memory-corruption vulnerability exists in the 'insPos' property. (CVE-2012-4187)
- A heap-based buffer-overflow exists in the 'Convolve3x3()' function. (CVE-2012-4188)
- A use-after-free error affects the 'nsIContent::GetNameSpaceID()' function. (CVE-2012-3990)
- A cross domain information disclosure exists due to improper access to the 'location' object. (CVE-2012-4192)
- A security-bypass vulnerability exists due to an error in security wrappers that does not unwrap the 'defaultValue()' function properly. An attacker can exploit this issue to gain access to the 'location' object. (CVE-2012-4193)

These vulnerabilities allow attackers to execute arbitrary script or HTML code, steal cookie-based authentication credentials, conduct phishing attacks, execute arbitrary code in the context of the vulnerable application, crash affected applications, obtain potentially sensitive information, gain escalated privileges, bypass security restrictions, and perform unauthorized actions; other attacks may also be possible.

Solution

Upgrade to SeaMonkey 2.13 or later.

See Also

http://www.mozilla.org/security/announce/2012/mfsa2012-74.html

http://www.mozilla.org/security/announce/2012/mfsa2012-75.html

http://www.mozilla.org/security/announce/2012/mfsa2012-76.html

http://www.mozilla.org/security/announce/2012/mfsa2012-77.html

http://www.mozilla.org/security/announce/2012/mfsa2012-78.html

http://www.mozilla.org/security/announce/2012/mfsa2012-79.html

http://www.mozilla.org/security/announce/2012/mfsa2012-80.html

http://www.mozilla.org/security/announce/2012/mfsa2012-81.html

http://www.mozilla.org/security/announce/2012/mfsa2012-82.html

http://www.mozilla.org/security/announce/2012/mfsa2012-83.html

http://www.mozilla.org/security/announce/2012/mfsa2012-84.html

http://www.mozilla.org/security/announce/2012/mfsa2012-85.html

http://www.mozilla.org/security/announce/2012/mfsa2012-86.html

http://www.mozilla.org/security/announce/2012/mfsa2012-87.html

Plugin Details

Severity: High

ID: 6603

Family: Web Clients

Published: 10/16/2012

Updated: 3/6/2019

Nessus ID: 62583

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:seamonkey

Patch Publication Date: 10/12/2012

Vulnerability Publication Date: 10/10/2012

Exploitable With

Metasploit (Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution)

Reference Information

CVE: CVE-2012-3982, CVE-2012-3983, CVE-2012-3984, CVE-2012-3985, CVE-2012-3986, CVE-2012-3988, CVE-2012-3989, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4184, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188, CVE-2012-4191, CVE-2012-4192, CVE-2012-4193, CVE-2012-5354

BID: 55856, 55857, 55889, 55922, 55924, 55926, 55927, 55930, 55931, 55932, 56119, 56120, 56121, 56123, 56125, 56126, 56127, 56128, 56129, 56130, 56131, 56135, 56136, 56140, 56145, 56153, 56154, 56155, 57181