SeaMonkey < 1.1.15 Multiple Vulnerabilities

2009-03-2300:00:00

Tenable

www.tenable.com

The installed version of SeaMonkey is earlier than 1.1.15. Such versions are potentially affected by the following security issues :

There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2009-01)
Cookies marked HTTPOnly are readable by JavaScript via the ‘XMLHttpRequest.getResponseHeader’ and ‘XMLHttpRequest.getAllResponseHeaders’ APIs. (MFSA 2009-05)
By exploiting stability bugs in the browser engine, it might be possible for an attacker to execute arbitrary code on the remote system under certain conditions. (MFSA 2009-07)
It may be possible for a website to read arbitrary XML data from another domain by using nsIRDFService and a cross-domain redirect. (MFSA 2009-09)
Vulnerabilities in the PNG libraries used by Mozilla could be exploited to execute arbitrary code on the remote system. (MFSA 2009-10)

Binary data 4965.prm

VendorProductVersionCPE
mozillaseamonkeycpe:/a:mozilla:seamonkey

Vendor	Product	Version	CPE
mozilla	seamonkey		cpe:/a:mozilla:seamonkey

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0352

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0353

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0354

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0356

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0357

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0358

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777

www.mozilla.org/security/announce/2009/mfsa2009-01.html

www.mozilla.org/security/announce/2009/mfsa2009-05.html

www.mozilla.org/security/announce/2009/mfsa2009-07.html

www.mozilla.org/security/announce/2009/mfsa2009-09.html

www.mozilla.org/security/announce/2009/mfsa2009-10.html

www.mozilla.org/security/announce/2009/mfsa2009-15.html