Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

SeaMonkey < 2.22 Multiple Vulnerabilities



The remote host has a web browser installed that is vulnerable to multiple attack vectors.


Versions of SeaMonkey earlier than version 25.0 are prone to the following vulnerabilities:

- Miscellaneous use-after-free issues in the browsing engine (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)

- Memory corruption in the Javascript engine when using workers with direct proxy (CVE-2013-5602)

- Use-after-free issues when interacting with HTML templates (CVE-2013-5603)

- Security bypass via iframe injection using PDF.js (CVE-2013-5598)

- Miscellaneous memory safety issues in the browser engine (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739)

- Address spoofing in the addressbar via SELECT element, which can lead to clickjacking and other spoof attacks (CVE-2013-5593)

- Access violation due to uninitialized data in XSLT processing (CVE-2013-5604)

- Potential buffer/memory overflows in the Javascript engine (CVE-2013-5595)

- Race condition causing a crash on extremely large pages (CVE-2013-5596)

- A use-after-free issue during state change events when updating the offline cache (CVE-2013-5597)


Upgrade to SeaMonkey 2.22 or later.