Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

SeaMonkey < 1.1.12 Multiple Vulnerabilities

Medium

Synopsis

A web browser on the remote host is affected by multiple vulnerabilities.

Description

The installed version of SeaMonkey is affected by various security issues :

- Using a specially crafted UTF-8 URL in a hyperlink, an attacker might be able to exploit a stack buffer overflow in the Mozilla URL parsing routes to execute arbitrary code (MFSA 2008-37). - It is possible to bypass the same-origin check in 'nsXMLDocument: : OnChannelRedirect()' (MFSA 2008-38). - An attacker can cause the content window to move while the mouse is being clicked, causing an item to be dragged rather than clicked-on (MFSA 2008-40). - Privilege escalation is possible via 'XPCnativeWrapper' pollution (MFSA 2008-41). - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption (MFSA 2008-42). - Certain BOM characters and low surrogate characters, if HTML-escaped, are stripped from JavaScript code before it is executed, which could allow for cross-site scripting attacks (MFSA 2008-43). - The 'resource: ' protocol allows directory traversal on Linux when using URL-encoded slashes, and it can by used to bypass restrictions on local HTML files (MFSA 2008-44). - A bug in the XBM decoder allows random small chunks of uninitialized memory to be read (MFSA 2008-45).

Solution

Upgrade to version 1.1.12 or higher.