Various flaws were discovered in the JavaScript engine. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)

Several problems were discovered in Thunderbird which could lead to crashes and memory corruption. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker may be able to execute arbitrary code with the user's privileges. (CVE-2008-1236, CVE-2008-1237).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)

Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information.
(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)

From Red Hat Security Advisory 2008:0208 :

Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)

Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information.
(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)

All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.

Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, and -current to fix security issues, including crashes that can corrupt memory, as well as a JavaScript privilege escalation and arbitrary code execution flaw.

The installed version of SeaMonkey is affected by various security issues :

  - A series of vulnerabilities that allow for JavaScript     privilege escalation and arbitrary code execution.

  - Several stability bugs leading to crashes which, in     some cases, show traces of memory corruption.

  - An HTTP Referer spoofing issue with malformed URLs.

  - A privacy issue with SSL client authentication.

  - Web content fetched via the 'jar:' protocol can use     Java via LiveConnect to open socket connections to     arbitrary ports on the localhost.

  - It is possible to have a background tab create a     border-less XUL pop-up in front of the active tab     in the user's browser.

This update fixes security issues also fixes in the Mozilla Firefox 2.0.0.13 update round.

Following security problems were fixed :

  - XUL popup spoofing variant (cross-tab popups). (MFSA     2008-19 / CVE-2008-1241)

  - Java socket connection to any local port via     LiveConnect. (MFSA 2008-18 / CVE-2008-1195 /     CVE-2008-1240)

  - Privacy issue with SSL Client Authentication. (MFSA     2008-17 / CVE-2007-4879)

  - HTTP Referrer spoofing with malformed URLs. (MFSA     2008-16 / CVE-2008-1238)

  - Crashes with evidence of memory corruption     (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 /     CVE-2008-1237)

  - JavaScript privilege escalation and arbitrary code     execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234     / CVE-2008-1235)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13.

This update provides the latest Firefox to correct these issues.

The installed version of SeaMonkey is affected by various security issues :
 - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.
 - Several stability bugs leading to crashes that, in some cases, show traces of memory corruption.
 - An HTTP Referer spoofing issue with malformed URLs.
 - A privacy issue with SSL client authentication.
 - Web content fetched via the 'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the localhost.
 - It is possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser.

Versions of Mozilla Thunderbird prior to 2.0.0.14 are affected by various security issues :

 - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.
 - Several stability bugs leading to crashes that, in some cases, show traces of memory corruption.

The installed version of Thunderbird is missing a critical patch.  The vendor has released a patch that addresses a number of remote vulnerabilities. 

The installed version of Firefox is affected by various security issues :

 - A series of vulnerabilities that allow for JavaScript privilege escalation and arbitrary code execution.
 - Several stability bugs leading to crashes that, in some cases, show traces of memory corruption.
 - An HTTP Referer spoofing issue with malformed URLs.
 - A privacy issue with SSL client authentication.
 - Web content fetched via the 'jar:' protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the localhost.
 - It is possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser.

ID	Name	Product	Family	Published	Updated	Severity
32185	Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : mozilla-thunderbird, thunderbird vulnerabilities (USN-605-1)	Nessus	Ubuntu Local Security Checks	5/9/2008	1/19/2021	high
60377	Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	high
67676	Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0208)	Nessus	Oracle Linux Local Security Checks	7/12/2013	1/14/2021	high
31691	Fedora 8 : Miro-1.1.2-2.fc8 / blam-1.8.3-14.fc8 / chmsee-1.0.0-1.30.fc8 / devhelp-0.16.1-6.fc8 / etc (2008-2682)	Nessus	Fedora Local Security Checks	3/28/2008	1/11/2021	high
32445	Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : mozilla-thunderbird (SSA:2008-128-02)	Nessus	Slackware Local Security Checks	5/28/2008	1/14/2021	high
31653	SeaMonkey < 1.1.9 Multiple Vulnerabilities	Nessus	Windows	3/26/2008	7/27/2018	high
31991	SuSE 10 Security Update : epiphany (ZYPP Patch Number 5164)	Nessus	SuSE Local Security Checks	4/18/2008	1/14/2021	high
36441	Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:080)	Nessus	Mandriva Local Security Checks	4/23/2009	1/6/2021	high
4448	SeaMonkey < 1.1.9 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	3/26/2008	3/6/2019	medium
4497	Mozilla Thunderbird < 2.0.0.14 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	5/6/2008	3/6/2019	high
4446	Mozilla Thunderbird < 2.0.0.13 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	3/26/2008	3/6/2019	high
4447	Mozilla Firefox < 2.0.0.13 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	3/26/2008	3/6/2019	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

medium

high

high

high