Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.SEAMONKEY_1119.NASL
HistoryMar 19, 2010 - 12:00 a.m.

SeaMonkey < 1.1.19 Multiple Vulnerabilities

2010-03-1900:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
22
JSON

The installed version of SeaMonkey is earlier than 1.1.19. Such versions are potentially affected by the following security issues :

  • The columns of a XUL tree element can be manipulated in a particular way that would leave a pointer owned by the column pointing to freed memory. (MFSA 2009-49)

  • A heap-based buffer overflow exists in Mozilla’s string to floating point number conversion routines. (MFSA 2009-59)

  • It is possible to obfuscate the name of files to be downloaded by using a right-to-left override character (RTL). (MFSA 2009-62)

  • Mozilla’s NTLM implementation is vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitrary application. (MFSA 2009-68)

  • Scriptable plugin content, such as Flash objects, can be loaded and executed by embedding the content in an iframe inside the message. (MFSA 2010-06)

  • Multiple memory corruption vulnerabilities exist that may result in the execution of arbitrary code. (MFSA 2010-07)

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(45111);
  script_version("1.15");

  script_cve_id(
    "CVE-2009-0689",
    "CVE-2009-2463",
    "CVE-2009-2072",
    "CVE-2009-3075",
    "CVE-2009-3077",
    "CVE-2009-3385",
    "CVE-2009-3983",
    "CVE-2010-0161", 
    "CVE-2010-0163"
  );
  script_bugtraq_id(37366, 38830, 38831);
  script_xref(name:"Secunia", value:"39001");

  script_name(english:"SeaMonkey < 1.1.19 Multiple Vulnerabilities");
  script_summary(english:"Checks version of SeaMonkey");

  script_set_attribute(attribute:"synopsis",value:
"A web browser on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description",value:
"The installed version of SeaMonkey is earlier than 1.1.19.  Such
versions are potentially affected by the following security issues :
  
  - The columns of a XUL tree element can be manipulated in
    a particular way that would leave a pointer owned by
    the column pointing to freed memory. (MFSA 2009-49)

  - A heap-based buffer overflow exists in Mozilla's string
    to floating point number conversion routines. 
    (MFSA 2009-59)

  - It is possible to obfuscate the name of files to be
    downloaded by using a right-to-left override character
    (RTL). (MFSA 2009-62)

  - Mozilla's NTLM implementation is vulnerable to 
    reflection attacks in which NTLM credentials from one
    application could be forwarded to another arbitrary 
    application. (MFSA 2009-68)

  - Scriptable plugin content, such as Flash objects, can be
    loaded and executed by embedding the content in an 
    iframe inside the message. (MFSA 2010-06)

  - Multiple memory corruption vulnerabilities exist that
    may result in the execution of arbitrary code. 
    (MFSA 2010-07)");

  script_set_attribute(attribute:"see_also",value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-06/");
  script_set_attribute(attribute:"see_also",value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07/");
  script_set_attribute(attribute:"see_also",value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-68/");
  script_set_attribute(attribute:"see_also",value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62/");
  script_set_attribute(attribute:"see_also",value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-59/");
  script_set_attribute(attribute:"see_also",value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-49/");
  script_set_attribute(attribute:"solution",value:
"Upgrade to SeaMonkey 2.0.3 / 1.1.19 or later. 

Note that 1.1.19 is a legacy release and is affected by known
vulnerabilities.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(94, 119, 189, 287);

  script_set_attribute(attribute:"vuln_publication_date",value:"2010/09/09");
  script_set_attribute(attribute:"patch_publication_date",value:"2010/03/16");
  script_set_attribute(attribute:"plugin_publication_date",value:"2010/03/19");
 script_cvs_date("Date: 2018/07/27 18:38:15");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("SeaMonkey/Version");

  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/SeaMonkey/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");

mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.19', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillaseamonkeycpe:/a:mozilla:seamonkey

References

Related

openvas 50
nessus 46
freebsd 2
fedora 2
ubuntu 2
securityvulns 11
mozilla 5
seebug 7
debian 5
osv 4
prion 9
veracode 7
ubuntucve 8
cve 9
redhat 6
packetstorm 8
opera 1
debiancve 2
centos 5
oraclelinux 3
mageia 1
zdi 1
threatpost 1
checkpoint_advisories 1
chrome 1
exploitpack 1
exploitdb 1
openvas
openvas
FreeBSD Ports: seamonkey, linux-seamonkey
2010-03-30 00:00:00
Fedora Update for seamonkey FEDORA-2010-7100
2010-04-29 00:00:00
Fedora Update for seamonkey FEDORA-2010-7100
2010-04-29 00:00:00
nessus
nessus
Fedora 11 : seamonkey-1.1.19-1.fc11 (2010-7100)
2010-07-01 00:00:00
FreeBSD : mozilla -- multiple vulnerabilities (56cfe192-329f-11df-abb2-000f20797ede)
2010-03-22 00:00:00
openSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1)
2010-05-20 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-03-16 00:00:00
mono -- DoS and code execution
2015-12-19 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: seamonkey-1.1.19-1.fc11
2010-04-21 21:53:31
[SECURITY] Fedora 23 Update: mono-4.0.5-2.fc23
2015-12-29 22:26:22
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-03-18 00:00:00
KDE vulnerabilities
2009-12-11 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-07
2010-04-06 00:00:00
Mozilla Foundation Security Advisory 2010-06
2010-04-06 00:00:00
Sun Solaris 10 libc/*convert &#40;*cvt&#41; buffer overflow
2010-05-27 00:00:00
mozilla
mozilla
Fixes for potentially exploitable crashes ported to the legacy branch — Mozilla
2010-03-16 00:00:00
Scriptable plugin execution in SeaMonkey mail — Mozilla
2010-03-16 00:00:00
NTLM reflection vulnerability — Mozilla
2009-12-15 00:00:00
seebug
seebug
Mozilla Thunderbird多个拒绝服务漏洞
2010-03-23 00:00:00
多个BSD系统gdtoa/misc.c文件内存破坏漏洞
2009-06-30 00:00:00
Sun Solaris多个libc库数字转换函数缓冲区溢出漏洞
2010-05-25 00:00:00
debian
debian
[Backports-security-announce] Security Update for nsrp
2010-07-21 08:26:53
[Backports-security-announce] Security Update for nsrp
2010-07-21 08:24:14
[SECURITY] [DSA 2025-1] New icedove packages fix several vulnerabilities
2010-03-31 08:41:27
osv
osv
icedove - several vulnerabilities
2010-03-31 00:00:00
mono - security update
2018-11-01 00:00:00
mono - security update
2015-12-30 00:00:00
prion
prion
Design/Logic Flaw
2010-03-23 00:53:00
Design/Logic Flaw
2009-06-15 19:30:00
Memory corruption
2010-03-23 00:53:00
veracode
veracode
Information Disclosure
2020-04-10 00:36:54
Denial Of Service (DoS)
2020-04-10 00:43:28
Replay Attack
2020-04-10 00:40:52
ubuntucve
ubuntucve
CVE-2009-3385
2010-03-23 00:00:00
CVE-2010-0163
2010-03-18 00:00:00
CVE-2010-0161
2010-03-23 00:00:00
cve
cve
CVE-2009-2072
2009-06-15 19:30:00
CVE-2010-0161
2010-03-23 00:53:00
CVE-2009-3385
2010-03-23 00:53:00
redhat
redhat
(RHSA-2009:1601) Critical: kdelibs security update
2009-11-24 00:00:00
(RHSA-2009:1431) Critical: seamonkey security update
2009-09-09 00:00:00
(RHSA-2010:0154) Moderate: thunderbird security update
2010-03-17 00:00:00
packetstorm
packetstorm
Flock 2.5.2 Remote Array Overrun
2009-12-12 00:00:00
J 6.02.023 Array Overrun
2010-01-09 00:00:00
Matlab R2009b Array Overrun
2010-01-09 00:00:00
opera
opera
Heap buffer overflow in string to number conversion
2009-11-20 00:00:00
debiancve
debiancve
CVE-2009-0689
2009-07-01 13:00:00
CVE-2009-2463
2009-07-22 18:30:00
centos
centos
seamonkey security update
2009-09-10 22:51:03
thunderbird security update
2010-03-17 18:24:23
thunderbird security update
2010-03-26 20:37:29
oraclelinux
oraclelinux
seamonkey security update
2009-09-10 00:00:00
thunderbird security update
2010-03-17 00:00:00
kdelibs security update
2009-11-24 00:00:00
mageia
mageia
Updated mono packages fix security vulnerability
2016-01-14 04:44:39
zdi
zdi
Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
2009-09-10 00:00:00
threatpost
threatpost
'High Risk' Flaw Fixed in Google Chrome
2009-10-06 22:32:02
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products JavaScript String Replace Buffer Overflow (CVE-2009-3075)
2010-05-26 00:00:00
chrome
chrome
Stable Channel Update
2009-09-30 00:00:00
exploitpack
exploitpack
Sunbird 0.9 - Array Overrun Code Execution
2009-12-11 00:00:00
exploitdb
exploitdb
Sunbird 0.9 - Array Overrun Code Execution
2009-12-11 00:00:00
JSON
Related for SEAMONKEY_1119.NASL
openvas50nessus46freebsd2fedora2ubuntu2securityvulns11mozilla5seebug7debian5osv4prion9veracode7ubuntucve8cve9redhat6packetstorm8opera1debiancve2centos5oraclelinux3mageia1zdi1threatpost1checkpoint_advisories1chrome1exploitpack1exploitdb1