Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SeaMonkey < 1.1.12 Multiple Vulnerabilities

🗓️ 24 Sep 2008 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 27 Views

SeaMonkey < 1.1.12 Multiple Vulnerabilities - Security Issue

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today		Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit
14 Sep 200900:00
zdt
FreeBSD		mozilla -- multiple vulnerabilities
24 Sep 200800:00
freebsd
Tenable Nessus		Mozilla Firefox < 3.0.2 Multiple Vulnerabilities
24 Sep 200800:00
nessus
Tenable Nessus		Mozilla Firefox < 2.0.0.17 Multiple Vulnerabilities
24 Sep 200800:00
nessus
Tenable Nessus		SeaMonkey < 1.1.12 Multiple Vulnerabilities
24 Sep 200800:00
nessus
Tenable Nessus		Mozilla Thunderbird < 2.0.0.17 Multiple Vulnerabilities
26 Sep 200800:00
nessus
Tenable Nessus		CentOS 4 / 5 : firefox (CESA-2008:0879)
6 Jan 201000:00
nessus
Tenable Nessus		CentOS 3 / 4 : seamonkey (CESA-2008:0882)
25 Sep 200800:00
nessus
Tenable Nessus		CentOS 4 / 5 : thunderbird (CESA-2008:0908)
6 Oct 200800:00
nessus
Tenable Nessus		Debian DSA-1649-1 : iceweasel - several vulnerabilities
9 Oct 200800:00
nessus
Rows per page
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(34269);
  script_version("1.20");

  script_cve_id("CVE-2008-0016", "CVE-2008-3835", "CVE-2008-3837", "CVE-2008-4058",
                "CVE-2008-4059", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062",
                "CVE-2008-4063", "CVE-2008-4064", "CVE-2008-4065", "CVE-2008-4066",
                "CVE-2008-4067", "CVE-2008-4068", "CVE-2008-4069", "CVE-2008-4070");
  script_bugtraq_id(31346, 31397, 31411);
  script_xref(name:"Secunia", value:"32010");

  script_name(english:"SeaMonkey < 1.1.12 Multiple Vulnerabilities");
  script_summary(english:"Checks version of SeaMonkey");

 script_set_attribute(attribute:"synopsis", value:
"A web browser on the remote host is affected by multiple
vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The installed version of SeaMonkey is affected by various security
issues :

  - Using a specially crafted UTF-8 URL in a hyperlink, an
    attacker might be able to exploit a stack buffer
    overflow in the Mozilla URL parsing routes to execute
    arbitrary code. (MFSA 2008-37)

  - It is possible to bypass the same-origin check in
    'nsXMLDocument::OnChannelRedirect()'. (MFSA 2008-38)

  - An attacker can cause the content window to move while
    the mouse is being clicked, causing an item to be
    dragged rather than clicked-on. (MFSA 2008-40)

  - Privilege escalation is possible via 'XPCnativeWrapper'
    pollution. (MFSA 2008-41)

  - There are several stability bugs in the browser engine
    that may lead to crashes with evidence of memory
    corruption. (MFSA 2008-42)

  - Certain BOM characters and low surrogate characters,
    if HTML-escaped, are stripped from JavaScript code
    before it is executed, which could allow for cross-
    site scripting attacks. (MFSA 2008-43)

  - The 'resource:' protocol allows directory traversal
    on Linux when using URL-encoded slashes, and it can
    by used to bypass restrictions on local HTML files.
    (MFSA 2008-44)

  - A bug in the XBM decoder allows random small chunks of
    uninitialized memory to be read. (MFSA 2008-45)

  - There is a heap-based buffer overflow that can be
    triggered when canceling a newsgroup message.
    (MFSA 2008-46)");
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-37/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-38/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-40/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-41/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-42/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-43/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-44/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-45/" );
 script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-46/" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to SeaMonkey 1.1.12 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-4070");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_cwe_id(22, 79, 119, 189, 200, 264, 399);
 script_set_attribute(attribute:"plugin_publication_date", value: "2008/09/24");
 script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
script_end_attributes();


  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2026 Tenable Network Security, Inc.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("installed_sw/SeaMonkey");

  exit(0);
}
include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'SeaMonkey', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '1.1.12'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 May 2026 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 210
EPSS0.48604
seamonkeyvulnerabilitiesstack buffer overflowsame-origin checkprivilege escalationstability bugscross-site scriptingdirectory traversalxbm decoderbuffer overflow
27