nessus | Tenable | 8099.PRM
History: Feb 05, 2014 - 12:00 a.m.

SeaMonkey < 2.24 Multiple Vulnerabilities

2014-02-05 00:00:00
Tenable
www.tenable.com

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.076 Low
  Percentile: 94.2%

Versions of SeaMonkey earlier than 2.24 are prone to the following vulnerabilities:

  • Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478)

  • An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479)

  • An error exists related to the ‘open file’ dialog that could allow users to take unintended actions. (CVE-2014-1480)

  • An error exists related to the JavaScript engine and ‘window’ object handling that has unspecified impact. (CVE-2014-1481)

  • An error exists related to ‘RasterImage’ and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482)

  • Errors exist related to IFrames, ‘document.caretPositionFromPoint’ and ‘document.elementFromPoint’ that could allow cross-origin information disclosure. (CVE-2014-1483)

  • An error exists related to the Content Security Policy (CSP) and XSLT stylesheets that could allow unintended script execution. (CVE-2014-1485)

  • A use-after-free error exists related to image handling and ‘imgRequestProxy’ that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486)

  • An error exists related to ‘web workers’ that could allow cross-origin information disclosure. (CVE-2014-1487)

  • An error exists related to ‘web workers’ and ‘asm.js’ that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1488)

  • Errors exist related to the included Network Security Services (NSS) libraries, ‘NewSessionTicket’ handshakes and public Diffie-Hellman values that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1490, CVE-2014-1491)

Vendor: mozilla
Product: seamonkey
CPE: cpe:/a:mozilla:seamonkey
