Lucene search

K
nessusTenable4693.PRM
HistorySep 24, 2008 - 12:00 a.m.

SeaMonkey < 1.1.12 Multiple Vulnerabilities

2008-09-2400:00:00
Tenable
www.tenable.com
5

The installed version of SeaMonkey is affected by various security issues :

  • Using a specially crafted UTF-8 URL in a hyperlink, an attacker might be able to exploit a stack buffer overflow in the Mozilla URL parsing routes to execute arbitrary code (MFSA 2008-37).
  • It is possible to bypass the same-origin check in ‘nsXMLDocument: : OnChannelRedirect()’ (MFSA 2008-38).
  • An attacker can cause the content window to move while the mouse is being clicked, causing an item to be dragged rather than clicked-on (MFSA 2008-40).
  • Privilege escalation is possible via ‘XPCnativeWrapper’ pollution (MFSA 2008-41).
  • There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption (MFSA 2008-42).
  • Certain BOM characters and low surrogate characters, if HTML-escaped, are stripped from JavaScript code before it is executed, which could allow for cross-site scripting attacks (MFSA 2008-43).
  • The 'resource: ’ protocol allows directory traversal on Linux when using URL-encoded slashes, and it can by used to bypass restrictions on local HTML files (MFSA 2008-44).
  • A bug in the XBM decoder allows random small chunks of uninitialized memory to be read (MFSA 2008-45).
Binary data 4693.prm
VendorProductVersion
mozillaseamonkey

References