The installed version of SeaMonkey is affected by various security issues :
Several stability bugs leading to crashes that, in some cases, show traces of memory corruption
Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known.
Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS and/or remote code execution.
A directory traversal vulnerability via the βchrome:β URI.
A vulnerability involving βdesignModeβ frames that may result in web browsing history and forward navigation stealing.
Mis-handling of locally-saved plain text files.
Possible disclosure of sensitive URL parameters, such as session tokens, via the .href property of stylesheet DOM nodes reflecting the final URI of the stylesheet after following any 302 redirects.
Binary data 4366.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0414
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0591
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0592
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0593
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0594
www.mozilla.org
www.mozilla.org/security/announce/2008/mfsa2008-01.html
www.mozilla.org/security/announce/2008/mfsa2008-02.html
www.mozilla.org/security/announce/2008/mfsa2008-03.html
www.mozilla.org/security/announce/2008/mfsa2008-05.html
www.mozilla.org/security/announce/2008/mfsa2008-06.html
www.mozilla.org/security/announce/2008/mfsa2008-07.html
www.mozilla.org/security/announce/2008/mfsa2008-09.html
www.mozilla.org/security/announce/2008/mfsa2008-10.html
www.mozilla.org/security/announce/2008/mfsa2008-12.html
www.mozilla.org/security/announce/2008/mfsa2008-13.html