9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.076 Low
EPSS
Percentile
94.2%
Versions of SeaMonkey earlier than 2.24 are prone to the following vulnerabilities:
Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478)
An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479)
An error exists related to the ‘open file’ dialog that could allow users to take unintended actions. (CVE-2014-1480)
An error exists related to the JavaScript engine and ‘window’ object handling that has unspecified impact. (CVE-2014-1481)
An error exists related to ‘RasterImage’ and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482)
Errors exist related to IFrames, ‘document.caretPositionFromPoint’ and ‘document.elementFromPoint’ that could allow cross-origin information disclosure. (CVE-2014-1483)
An error exists related to the Content Security Policy (CSP) and XSLT stylesheets that could allow unintended script execution. (CVE-2014-1485)
A use-after-free error exists related to image handling and ‘imgRequestProxy’ that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486)
An error exists related to ‘web workers’ that could allow cross-origin information disclosure. (CVE-2014-1487)
An error exists related to ‘web workers’ and ‘asm.js’ that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1488)
Errors exist related to the included Network Security Services (NSS) libraries, ‘NewSessionTicket’ handshakes and public Diffie-Hellman values that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1490, CVE-2014-1491)
Binary data 8099.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1488
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491
www.mozilla.org/security/announce/2014/mfsa2014-01.html
www.mozilla.org/security/announce/2014/mfsa2014-02.html
www.mozilla.org/security/announce/2014/mfsa2014-03.html
www.mozilla.org/security/announce/2014/mfsa2014-04.html
www.mozilla.org/security/announce/2014/mfsa2014-05.html
www.mozilla.org/security/announce/2014/mfsa2014-07.html
www.mozilla.org/security/announce/2014/mfsa2014-08.html
www.mozilla.org/security/announce/2014/mfsa2014-09.html
www.mozilla.org/security/announce/2014/mfsa2014-11.html
www.mozilla.org/security/announce/2014/mfsa2014-12.html
www.mozilla.org/security/announce/2014/mfsa2014-13.html
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.076 Low
EPSS
Percentile
94.2%