SeaMonkey multiple vulnerabilities, arbitrary code executio
Reporter | Title | Published | Views | Family All 129 |
---|---|---|---|---|
![]() | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 2258) | 13 Dec 200700:00 | – | nessus |
![]() | openSUSE 10 Security Update : seamonkey (seamonkey-2250) | 17 Oct 200700:00 | – | nessus |
![]() | RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2006:0734) | 20 Nov 200600:00 | – | nessus |
![]() | CentOS 3 / 4 : seamonkey (CESA-2006:0734) | 23 Apr 200900:00 | – | nessus |
![]() | CentOS 4 : thunderbird (CESA-2006:0735) | 23 Apr 200900:00 | – | nessus |
![]() | GLSA-200612-06 : Mozilla Thunderbird: Multiple vulnerabilities | 14 Dec 200600:00 | – | nessus |
![]() | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2251) | 17 Oct 200700:00 | – | nessus |
![]() | RHEL 4 : firefox (RHSA-2006:0733) | 20 Nov 200600:00 | – | nessus |
![]() | GLSA-200612-07 : Mozilla Firefox: Multiple vulnerabilities | 14 Dec 200600:00 | – | nessus |
![]() | Fedora Core 6 : devhelp-0.12-8.fc6 / epiphany-2.16.0-5.fc6 / firefox-1.5.0.8-1.fc6 / etc (2006-1191) | 17 Jan 200700:00 | – | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200612-08.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(23860);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2006-5462", "CVE-2006-5463", "CVE-2006-5464", "CVE-2006-5747", "CVE-2006-5748");
script_bugtraq_id(19849);
script_xref(name:"GLSA", value:"200612-08");
script_name(english:"GLSA-200612-08 : SeaMonkey: Multiple vulnerabilities");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200612-08
(SeaMonkey: Multiple vulnerabilities)
The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode
execution and arbitrary code execution.
Impact :
An attacker could entice a user to load malicious JavaScript or a
malicious web page with a SeaMonkey application and execute arbitrary
code with the rights of the user running those products. It is
important to note that in the SeaMonkey email client, JavaScript is
disabled by default.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200612-08"
);
script_set_attribute(
attribute:"solution",
value:
"All SeaMonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.0.6'"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2006/12/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/14");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/14");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 1.0.6"), vulnerable:make_list("lt 1.0.6"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "SeaMonkey");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo