Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable6626.PRM
HistoryNov 29, 2012 - 12:00 a.m.

SeaMonkey 2.x < 2.14 Multiple Vulnerabilities

2012-11-2900:00:00
Tenable
www.tenable.com
13

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.068 Low

EPSS

Percentile

93.9%

JSON

Versions of SeaMonkey 2.13.x are potentially affected by the following security issues :

  • Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843)

  • An error exists in the method ‘image::RasterImage::DrawFrameTo’ related to GIF images that could allow a heap-based buffer overflow leading to arbitrary code execution. (CVE-2012-4202)

  • An error exists related to SVG text and CSS properties that could lead to application crashes. (CVE-2012-5836)

  • The JavaScript function ‘str_unescape’ could allow arbitrary code execution. (CVE-2012-4204)

  • ‘XMLHttpRequest’ objects inherit incorrect principals when created in sandboxes that could allow cross-site request forgery attacks (XSRF). (CVE-2012-4205)

  • ‘XrayWrappers’ can expose DOM properties that are not meant to be accessible outside of the chrome compartment. (CVE-2012-4208)

  • Errors exist related to ‘evalInSandbox’, ‘HZ-GB-2312’ charset, frames and the ‘location’ object, and ‘cross-origin wrappers’ that can allow cross-site scripting (XSS) attacks. (CVE-2012-4201, CVE-2012-4207, CVE-2012-4209, CVE-2012-5841)

  • Various use-after-free, out-of-bounds read and buffer overflow errors exist that could potentially lead to arbitrary code execution. (CVE-2012-4212, CVE-2012-4213, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4217, CVE-2012-4218, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838, CVE-2012-5839, CVE-2012-5840)

Binary data 6626.prm
VendorProductVersionCPE
mozillaseamonkeycpe:/a:mozilla:seamonkey

References

Related

openvas 72
nessus 39
ubuntu 4
centos 2
redhat 2
oraclelinux 2
freebsd 1
suse 2
securityvulns 1
veracode 12
mozilla 4
fedora 3
debian 3
osv 3
prion 9
ubuntucve 12
cvelist 10
nvd 10
cve 8
openvas
openvas
Ubuntu: Security Advisory (USN-1636-1)
2012-11-23 00:00:00
Ubuntu Update for thunderbird USN-1636-1
2012-11-23 00:00:00
Mozilla Thunderbird Multiple Vulnerabilities-02 (Nov 2012) - Mac OS X
2012-11-26 00:00:00
nessus
nessus
Mozilla Thunderbird 16.x <= 16 Multiple Vulnerabilities
2012-11-29 00:00:00
Mozilla Thunderbird < 17.0 Multiple Vulnerabilities
2012-11-29 00:00:00
Thunderbird 16.x Multiple Vulnerabilities (Mac OS X)
2012-11-21 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-11-21 00:00:00
ubufox update
2012-11-21 00:00:00
Firefox vulnerabilities
2012-11-21 00:00:00
centos
centos
thunderbird security update
2012-11-22 02:10:10
firefox, xulrunner security update
2012-11-22 02:03:00
redhat
redhat
(RHSA-2012:1483) Critical: thunderbird security update
2012-11-20 00:00:00
(RHSA-2012:1482) Critical: firefox security update
2012-11-20 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2012-11-20 00:00:00
firefox security update
2012-11-20 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-11-20 00:00:00
suse
suse
security update to Firefox 17.0 and other Mozilla based packages (important)
2013-01-23 14:07:31
Security update for Mozilla Firefox (important)
2012-11-29 01:08:52
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-12-03 00:00:00
veracode
veracode
Arbitrary Code Execution Or Denial Of Service (DoS)
2019-05-02 04:41:13
Arbitrary Code Execution Or Denial Of Service (DoS)
2019-05-02 04:41:16
Remote Code Execution (RCE)
2019-05-02 04:41:16
mozilla
mozilla
Use-after-free and buffer overflow issues found using Address Sanitizer — Mozilla
2012-11-20 00:00:00
Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer — Mozilla
2012-11-20 00:00:00
Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11) — Mozilla
2012-11-20 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: seamonkey-2.14-1.fc16
2012-12-04 04:52:29
[SECURITY] Fedora 18 Update: seamonkey-2.14-1.fc18
2012-12-04 05:23:29
[SECURITY] Fedora 17 Update: seamonkey-2.14-1.fc17
2012-12-04 04:58:59
debian
debian
[SECURITY] [DSA 2583-1] iceweasel security update
2012-12-08 12:05:22
[SECURITY] [DSA 2588-1] icedove security update
2012-12-16 13:09:41
[SECURITY] [DSA 2584-1] iceape security update
2012-12-08 14:05:02
osv
osv
iceape - several
2012-12-08 00:00:00
iceweasel - several
2012-12-08 00:00:00
icedove - several
2012-12-16 00:00:00
prion
prion
Design/Logic Flaw
2012-11-21 12:55:00
Design/Logic Flaw
2012-11-21 12:55:00
Design/Logic Flaw
2012-11-21 12:55:00
ubuntucve
ubuntucve
CVE-2012-4214
2012-11-21 00:00:00
CVE-2012-5840
2012-11-21 00:00:00
CVE-2012-4205
2012-11-21 00:00:00
cvelist
cvelist
CVE-2012-4214
2012-11-21 11:00:00
CVE-2012-5840
2012-11-21 11:00:00
CVE-2012-4215
2012-11-21 11:00:00
nvd
nvd
CVE-2012-5840
2012-11-21 12:55:03
CVE-2012-4214
2012-11-21 12:55:02
CVE-2012-4215
2012-11-21 12:55:02
cve
cve
CVE-2012-5840
2012-11-21 12:55:03
CVE-2012-4214
2012-11-21 12:55:02
CVE-2012-5833
2012-11-21 12:55:03

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.068 Low

EPSS

Percentile

93.9%

JSON
Related for 6626.PRM
openvas72nessus39ubuntu4centos2redhat2oraclelinux2freebsd1suse2securityvulns1veracode12mozilla4fedora3debian3osv3prion9ubuntucve12cvelist10nvd10cve8