Lucene search
K

SeaMonkey < 2.23 Multiple Vulnerabilities

🗓️ 11 Dec 2013 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 34 Views

SeaMonkey < 2.23 Multiple Vulnerabilities: Memory issues, cross-site scripting, sandbox bypass, use-after-free vulnerabilities, JPEG format issues, certificate trust settings ignore

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Mozilla firefox vulnerability issues on IBM Storwize V7000 Unified system (CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6
18 Jun 201800:07
ibm
IBM Security Bulletins
Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS
3 Jun 202214:32
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
15 Jun 201807:00
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for IBM Support Assistant April 2014 CPU
15 Jun 201807:03
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM SDK for Java included with IBM Forms Viewer
16 Jun 201819:52
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - April 2014
18 Jun 201800:08
ibm
IBM Security Bulletins
Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities.
17 Nov 202215:02
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Rational Functional Tester due to IBM SDK, Java Technology Edition Version 1.6 and IBM SDK, Java Technology Edition Version 1.7
29 Sep 201820:06
ibm
IBM Security Bulletins
Security Bulletin: Mozilla firefox vulnerability issues on IBM SONAS (CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6671, CVE-2013-6672, CVE
18 Jun 201800:07
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerability in IBM Jazz Team Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-2421, CVE-2013-6954, CVE-2013-6629, CVE-2014-0411, CVE-2014-0416)
28 Apr 202118:35
ibm
Rows per page
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(71349);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/27");

  script_cve_id(
    "CVE-2013-5609",
    "CVE-2013-5610",
    "CVE-2013-5612",
    "CVE-2013-5613",
    "CVE-2013-5614",
    "CVE-2013-5615",
    "CVE-2013-5616",
    "CVE-2013-5618",
    "CVE-2013-5619",
    "CVE-2013-6629",
    "CVE-2013-6630",
    "CVE-2013-6671",
    "CVE-2013-6673"
  );
  script_bugtraq_id(
    63676,
    64203,
    64204,
    64205,
    64206,
    64207,
    64209,
    64211,
    64212,
    64213,
    64215,
    64216,
    67679
  );

  script_name(english:"SeaMonkey < 2.23 Multiple Vulnerabilities");
  script_summary(english:"Checks version of SeaMonkey");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is potentially
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of SeaMonkey is earlier than 2.23 and is,
therefore, potentially affected by the following vulnerabilities :

  - Memory issues exist in the browser engine that could
    result in a denial of service or arbitrary code
    execution. (CVE-2013-5609, CVE-2013-5610)

  - Cross-site scripting filtering evasion may be possible
    due to character encodings being inherited from a
    previously visited website when character set encoding
    is missing from the current website. (CVE-2013-5612)

  - Two use-after-free vulnerabilities exist in the
    functions for synthetic mouse movement handling.
    (CVE-2013-5613)

  - Sandbox restrictions may be bypassed because 'iframe
    sandbox' restrictions are not properly applied to
    'object' elements in sandboxed iframes. (CVE-2013-5614)

  - An issue exists in which 'GetElementIC' typed array
    stubs can be generated outside observed typesets. This
    could lead to unpredictable behavior with a potential
    security impact. (CVE-2013-5615)

  - A use-after-free vulnerability exists when
    interacting with event listeners from the mListeners
    array.  This could result in a denial of service or
    arbitrary code execution. (CVE-2013-5616)

  - A use-after-free vulnerability exists in the table
    editing user interface of the editor during garbage
    collection.  This could result in a denial of service or
    arbitrary code execution. (CVE-2013-5618)

  - Memory issues exist in the binary search algorithms in
    the SpiderMonkey JavaScript engine that could result in
    a denial of service or arbitrary code execution.
    (CVE-2013-5619)

  - Issues exist with the JPEG format image processing with
    Start Of Scan (SOS) and Define Huffman Table (DHT)
    markers in the 'libjpeg' library.  This could allow
    attackers to read arbitrary memory content as well as
    cross-domain image theft. (CVE-2013-6629, CVE-2013-6630)

  - A memory issue exists when inserting an ordered list
    into a document through a script that could result in a
    denial of service or arbitrary code execution.
    (CVE-2013-6671)

  - Trust settings for built-in root certificates are
    ignored during extended validation (EV) certificate
    validation.  This removes the ability of users to
    explicitly untrust root certificates from specific
    certificate authorities. (CVE-2013-6673)

  - An intermediate certificate that is used by a man-in-
    the-middle (MITM) traffic management device exists in
    Mozilla's root certificate authorities.  Reportedly,
    this certificate has been misused.");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-104/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-106/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-107/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-108/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-109/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-110/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-111/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-113/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-114/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-115/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-116/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-117/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to SeaMonkey 2.23 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5618");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("installed_sw/SeaMonkey");

  exit(0);
}
include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'SeaMonkey', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '2.23'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE, flags:{'xss': TRUE});
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation