Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SeaMonkey < 2.0.6 Multiple Vulnerabilities

🗓️ 21 Jul 2010 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 248 Views

SeaMonkey < 2.0.6 Multiple Vulnerabilities including memory safety bugs and code execution risk

Related
Refs
Code
ReporterTitlePublishedViews
Family
ALT Linux		Security fix for the ALT Linux 5 package libpng version 1.2.44-alt1
29 Jun 201000:00
altlinux
ALT Linux		Security fix for the ALT Linux 6 package libpng version 1.2.44-alt1
29 Jun 201000:00
altlinux
0day.today		libpng <= 1.4.2 Denial of Service Vulnerability
20 Jul 201000:00
zdt
0day.today		Firefox Plugin Parameter EnsureCachedAttrParamArrays Code Execution
18 Sep 201000:00
zdt
0day.today		Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
26 Sep 201000:00
zdt
IBM Security Bulletins		Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS
3 Jun 202214:32
ibm
IBM Security Bulletins		Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool.
12 Aug 202008:19
ibm
Tenable Nessus		Mozilla Firefox 3.5.x < 3.5.11 Multiple Vulnerabilities
21 Jul 201000:00
nessus
Tenable Nessus		Mozilla Firefox 3.6.x < 3.6.7 Multiple Vulnerabilities
21 Jul 201000:00
nessus
Tenable Nessus		Mozilla Thunderbird 3.0.x < 3.0.6 Multiple Vulnerabilities
21 Jul 201000:00
nessus
Rows per page
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(47785);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/27");

  script_cve_id(
    "CVE-2010-0654",
    "CVE-2010-1205",
    "CVE-2010-1206",
    "CVE-2010-1208",
    "CVE-2010-1209",
    "CVE-2010-1211",
    "CVE-2010-1212",
    "CVE-2010-1214",
    "CVE-2010-2751",
    "CVE-2010-2752",
    "CVE-2010-2753",
    "CVE-2010-2754"
  );
  script_bugtraq_id(
    41842,
    41845,
    41849,
    41852,
    41853,
    41859,
    41860,
    41865,
    41871,
    41872,
    41968
  );
  script_xref(name:"Secunia", value:"40688");

  script_name(english:"SeaMonkey < 2.0.6 Multiple Vulnerabilities ");
  script_summary(english:"Checks version of SeaMonkey");

  script_set_attribute(attribute:"synopsis",value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities."
  );
  script_set_attribute(attribute:"description",value:
"The installed version of SeaMonkey is earlier than 2.0.6.  Such
versions are potentially affected by the following security issues :

  - Multiple memory safety bugs could result in memory
    corruption, potentially resulting in arbitrary code
    execution. (MFSA 2010-34)

  - An error in DOM attribute cloning could result in
    arbitrary code execution. (MFSA 2010-35)

  - An error in Mozilla's 'NodeIterator' implementation
    could lead to arbitrary code execution. (MFSA 2010-36)

  - An error in the code to store the names and values of
    plugin parameters could lead arbitrary code execution.
    (MFSA 2010-37)

  - The array class used to store CSS values is affected
    by an integer overflow vulnerability. (MFSA 2010-39)

  - An integer overflow vulnerability exists in the
    'selection' attribute of XUL <tree> element.
    (MFSA 2010-40)

  - A buffer overflow vulnerability in Mozilla graphics
    code could lead to arbitrary code execution.
    (MFSA 2010-41)

  - It is possible to read and parse resources from other
    domains even when the content is not valid JavaScript
    leading to cross-domain data disclosure. (MFSA 2010-42)

  - Multiple location bar spoofing vulnerabilities exist.
    (MFSA 2010-45)

  - It is possible to read data across domains by
    injecting bogus CSS selectors into a target site.
    (MFSA 2010-46)

  - Potentially sensitive URL parameters could be leaked
    across domains via script errors. (MFSA 2010-47)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47/");
  script_set_attribute(attribute:"solution", value:"Upgrade to SeaMonkey 2.0.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-2754");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(94);
  script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/23"); # (MFSA 2010-46)
  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/21");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2026 Tenable Network Security, Inc.");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("installed_sw/SeaMonkey");
  exit(0);
}
include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'SeaMonkey', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '2.0.6'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 May 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 29.3
CVSS 3.19.8
EPSS0.14816
seamonkeyvulnerabilitiesmemory safetycode executiondom attributenodeiteratorplugin parametersbuffer overflowcross-domain data disclosurelocation bar spoofingurl parameters
248