Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.SEAMONKEY_1117.NASL
HistoryJun 23, 2009 - 12:00 a.m.

SeaMonkey < 1.1.17 Multiple Vulnerabilities

2009-06-2300:00:00
This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
www.tenable.com
15
JSON

The installed version of SeaMonkey is earlier than 1.1.17. Such versions are potentially affected by the following security issues :

  • When an Adobe Flash file is loaded via the ‘view-source:’ scheme, the Flash plugin misinterprets the origin of the content as localhost. An attacker can leverage this to launch cross-site request forger attacks. It is also possible to exploit this to place cookie-like objects on victim’s computers.
    (MFSA 2009-17)

  • An information disclosure vulnerability exists when saving the inner frame of a web page as a file when the outer page has POST data associated with it.
    (MFSA 2009-21)

  • Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code.
    (MFSA 2009-24)

  • It may be possible for local resources loaded via ‘file:’ protocol to access any domain’s cookies saved on a user’s system. (MFSA 2009-26)

  • It may be possible to tamper with SSL data via non-200 responses to proxy CONNECT requests. (MFSA 2009-27)

  • If the owner document of an element becomes null after garbage collection, then it may be possible to execute the event listeners within the wrong JavaScript context.
    An attacker can potentially exploit this vulnerability to execute arbitrary JavaScript with chrome privileges.
    (MFSA 2009-29)

  • It may be possible for scripts from page content to run with elevated privileges. (MFSA 2009-32)

  • It may be possible to crash SeaMonkey while viewing ‘multipart/alternative’ mail message with a ‘text/enhanced’ part. (MFSA 2009-33)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(39494);
  script_version("1.15");

  script_cve_id("CVE-2009-1307", "CVE-2009-1311", "CVE-2009-1392", "CVE-2009-1832",
                "CVE-2009-1833", "CVE-2009-1835", "CVE-2009-1836", "CVE-2009-1838",
                "CVE-2009-1841", "CVE-2009-2210");
  script_bugtraq_id(34656, 35370, 35371, 35372, 35373, 35383, 35461);
  script_xref(name:"Secunia", value:"35439");

  script_name(english:"SeaMonkey < 1.1.17 Multiple Vulnerabilities");
  script_summary(english:"Checks version of SeaMonkey");

  script_set_attribute(attribute:"synopsis", value:
"A web browser on the remote host is affected by multiple
vulnerabilities." );

  script_set_attribute(attribute:"description", value:
"The installed version of SeaMonkey is earlier than 1.1.17.  Such
versions are potentially affected by the following security issues :

  - When an Adobe Flash file is loaded via the
    'view-source:' scheme, the Flash plugin misinterprets
    the origin of the content as localhost. An attacker can
    leverage this to launch cross-site request forger
    attacks. It is also possible to exploit this to place
    cookie-like objects on victim's computers.
    (MFSA 2009-17)

  - An information disclosure vulnerability exists when
    saving the inner frame of a web page as a file when the
    outer page has POST data associated with it.
    (MFSA 2009-21)

  - Multiple memory corruption vulnerabilities could
    potentially be exploited to execute arbitrary code.
    (MFSA 2009-24)

  - It may be possible for local resources loaded via
    'file:' protocol to access any domain's cookies saved
    on a user's system. (MFSA 2009-26)

  - It may be possible to tamper with SSL data via non-200
    responses to proxy CONNECT requests. (MFSA 2009-27)

  - If the owner document of an element becomes null after
    garbage collection, then it may be possible to execute
    the event listeners within the wrong JavaScript context.
    An attacker can potentially exploit this vulnerability
    to execute arbitrary JavaScript with chrome privileges.
    (MFSA 2009-29)

  - It may be possible for scripts from page content to
    run with elevated privileges. (MFSA 2009-32)

  - It may be possible to crash SeaMonkey while viewing
    'multipart/alternative' mail message with a
    'text/enhanced' part. (MFSA 2009-33)" );

  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-17/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-21/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-24/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-26/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-27/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-29/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-32/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-33/" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to SeaMonkey 1.1.17 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 94, 200, 287);

 script_set_attribute(attribute:"plugin_publication_date", value: "2009/06/23");
 script_cvs_date("Date: 2018/07/27 18:38:15");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("SeaMonkey/Version");

  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/SeaMonkey/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");

mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.17', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillaseamonkeycpe:/a:mozilla:seamonkey

References

Related

nessus 43
openvas 79
fedora 41
oraclelinux 4
centos 4
redhat 5
debian 2
suse 1
freebsd 1
securityvulns 3
ubuntu 2
osv 2
mozilla 2
seebug 1
cve 2
veracode 3
prion 1
checkpoint_advisories 1
ubuntucve 2
nessus
nessus
SuSE9 Security Update : epiphany (YOU Patch Number 12519)
2009-10-07 00:00:00
Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-176-01)
2009-06-26 00:00:00
Fedora 10 : seamonkey-1.1.17-1.fc10 (2009-7567)
2009-07-17 00:00:00
openvas
openvas
Slackware Advisory SSA:2009-176-01 seamonkey
2012-09-11 00:00:00
SLES9: Security update for epiphany
2009-10-10 00:00:00
SLES9: Security update for epiphany
2009-10-10 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: seamonkey-1.1.17-1.fc11
2009-07-16 07:11:14
[SECURITY] Fedora 10 Update: seamonkey-1.1.17-1.fc10
2009-07-16 06:57:32
[SECURITY] Fedora 10 Update: epiphany-extensions-2.24.3-2.fc10
2009-06-16 02:20:19
oraclelinux
oraclelinux
seamonkey security update
2009-06-12 00:00:00
firefox security update
2009-06-12 00:00:00
thunderbird security update
2009-06-25 00:00:00
centos
centos
seamonkey security update
2009-06-12 21:25:45
firefox, xulrunner security update
2009-06-19 11:07:44
thunderbird security update
2009-06-26 14:08:25
redhat
redhat
(RHSA-2009:1096) Critical: seamonkey security update
2009-06-11 00:00:00
(RHSA-2009:1095) Critical: firefox security update
2009-06-11 00:00:00
(RHSA-2009:1126) Moderate: thunderbird security update
2009-06-25 00:00:00
debian
debian
[SECURITY] [DSA 1820-1] New xulrunner packages fix several vulnerabilities
2009-06-18 14:13:03
[SECURITY] [DSA 1830-1] New icedove packages fix several vulnerabilities
2009-07-12 11:21:02
suse
suse
remote code execution in MozillaFirefox
2009-06-16 16:38:22
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-06-11 00:00:00
securityvulns
securityvulns
Mozilla Firefox multiple security vulnerabilities
2009-06-14 00:00:00
Mozilla Foundation Security Advisory 2009-24
2009-06-14 00:00:00
Mozilla Foundation Security Advisory 2009-32
2009-06-14 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-06-12 00:00:00
Thunderbird vulnerabilities
2009-06-25 00:00:00
osv
osv
xulrunner - several vulnerabilities
2009-06-18 00:00:00
icedove - several vulnerabilities
2009-07-12 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.9.0.11) — Mozilla
2009-06-11 00:00:00
JavaScript chrome privilege escalation — Mozilla
2009-06-11 00:00:00
seebug
seebug
Mozilla Firefox和SeaMonkey JavaScript Chrome特权提升漏洞
2009-06-18 00:00:00
cve
cve
CVE-2009-2210
2009-06-25 17:30:00
CVE-2009-1392
2009-06-12 21:30:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:33:17
Arbitrary Code Execution
2020-04-10 00:33:44
Arbitrary Code Execution
2020-04-10 00:33:03
prion
prion
Design/Logic Flaw
2009-06-25 17:30:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Mozilla Firefox Browser Engine Memory Corruption
2010-03-25 00:00:00
ubuntucve
ubuntucve
CVE-2009-1392
2009-06-12 00:00:00
CVE-2009-1841
2009-06-12 00:00:00
JSON
Related for SEAMONKEY_1117.NASL
nessus43openvas79fedora41oraclelinux4centos4redhat5debian2suse1freebsd1securityvulns3ubuntu2osv2mozilla2seebug1cve2veracode3prion1checkpoint_advisories1ubuntucve2