Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.SEAMONKEY_2_26_1.NASL
HistoryAug 20, 2014 - 12:00 a.m.

SeaMonkey < 2.26.1 Multiple Vulnerabilities

2014-08-2000:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
17
JSON

The installed version of SeaMonkey is a version prior to 2.26.1. It is, therefore, affected by the following vulnerabilities :

  • There are multiple memory safety bugs in the browser engine. Several of these bugs show evidence of memory corruption, which may allow an attacker to execute arbitrary code. (CVE-2014-1533, CVE-2014-1534)

  • There are multiple use-after-free and out of bounds read issues. These issues have the potential to be exploited, resulting in remote code execution.
    (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)

  • A use-after-free error exists in the SMIL Animation Controller when interacting with and rendering improperly formed web content. This may result in a potentially exploitable crash. (CVE-2014-1541)

  • A use-after-free flaw exists in the event listener manager that can be triggered by web content. This may result in a potentially exploitable crash.
    (CVE-2014-1540)

  • A flaw exists in the Speex resample in Web Audio that results in a buffer overflow when working with audio content that exceeds the expected bounds. This flaw results in a potentially exploitable crash.
    (CVE-2014-1542)

  • There exists a buffer overflow in the Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This flaw results in a potentially exploitable crash. (CVE-2014-1543)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77283);
  script_version("1.5");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id(
    "CVE-2014-1533",
    "CVE-2014-1534",
    "CVE-2014-1536",
    "CVE-2014-1537",
    "CVE-2014-1538",
    "CVE-2014-1540",
    "CVE-2014-1541",
    "CVE-2014-1542",
    "CVE-2014-1543"
  );
  script_bugtraq_id(
    67969,
    67968,
    67979,
    67978,
    67966,
    67971,
    67976,
    67965,
    67964
  );

  script_name(english:"SeaMonkey < 2.26.1 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of SeaMonkey.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of SeaMonkey is a version prior to 2.26.1. It
is, therefore, affected by the following vulnerabilities :

  - There are multiple memory safety bugs in the browser
    engine. Several of these bugs show evidence of
    memory corruption, which may allow an attacker to
    execute arbitrary code. (CVE-2014-1533, CVE-2014-1534)

  - There are multiple use-after-free and out of bounds
    read issues. These issues have the potential to be
    exploited, resulting in remote code execution.
    (CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)

  - A use-after-free error exists in the SMIL Animation
    Controller when interacting with and rendering
    improperly formed web content. This may result in a
    potentially exploitable crash. (CVE-2014-1541)

  - A use-after-free flaw exists in the event listener
    manager that can be triggered by web content. This may
    result in a potentially exploitable crash.
    (CVE-2014-1540)

  - A flaw exists in the Speex resample in Web Audio that
    results in a buffer overflow when working with audio
    content that exceeds the expected bounds. This flaw
    results in a potentially exploitable crash.
    (CVE-2014-1542)

  - There exists a buffer overflow in the Gamepad API when
    it is exercised with a gamepad device with
    non-contiguous axes. This flaw results in a potentially
    exploitable crash. (CVE-2014-1543)");

  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-48/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-49/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-51/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-52/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-53/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-54/");

  script_set_attribute(attribute:"solution", value:"Upgrade to SeaMonkey 2.26.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("SeaMonkey/Version");
  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/SeaMonkey/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");

mozilla_check_version(installs:installs, product:'seamonkey', fix:'2.26.1', severity:SECURITY_HOLE, xss:FALSE);
VendorProductVersionCPE
mozillaseamonkeycpe:/a:mozilla:seamonkey

References

Related

openvas 37
nessus 27
ubuntu 2
freebsd 1
securityvulns 2
suse 6
veracode 3
mageia 2
centos 2
oraclelinux 2
mozilla 6
redhat 2
osv 2
debian 2
prion 9
cve 9
ubuntucve 9
ibm 2
gentoo 1
openvas
openvas
Mozilla Firefox Multiple Vulnerabilities-01 (Jul 2014) - Windows
2014-07-01 00:00:00
Ubuntu: Security Advisory (USN-2243-1)
2014-06-17 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Jul 2014) - Mac OS X
2014-07-01 00:00:00
nessus
nessus
Firefox < 30.0 Multiple Vulnerabilities
2014-06-11 00:00:00
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2243-1)
2014-06-12 00:00:00
Mozilla Firefox < 30.0 Multiple Vulnerabilities
2014-06-10 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2014-06-11 00:00:00
Thunderbird vulnerabilities
2014-06-19 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-06-10 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-06-13 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
suse
suse
Mozilla updates 2014/06 (critical)
2014-06-16 08:04:13
Security update for Mozilla Firefox (important)
2014-07-17 02:04:25
Security update for MozillaFirefox (important)
2014-06-25 00:04:17
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:58:34
Use-After-Free
2019-05-02 04:58:34
Remote Code Execution (RCE)
2019-01-15 08:53:46
mageia
mageia
Updated firefox & thunderbird packages fix multiple security vulnerabilities
2014-06-11 21:13:59
Updated iceape package fixes security vulnerabilities
2014-10-23 17:27:57
centos
centos
firefox security update
2014-06-11 10:49:01
thunderbird security update
2014-06-11 10:54:29
oraclelinux
oraclelinux
thunderbird security update
2014-06-10 00:00:00
firefox security update
2014-06-10 00:00:00
mozilla
mozilla
Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla
2014-06-10 00:00:00
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) — Mozilla
2014-06-10 00:00:00
Buffer overflow in Web Audio Speex resampler — Mozilla
2014-06-10 00:00:00
redhat
redhat
(RHSA-2014:0741) Critical: firefox security update
2014-06-10 00:00:00
(RHSA-2014:0742) Important: thunderbird security update
2014-06-10 00:00:00
osv
osv
iceweasel - security update
2014-06-11 00:00:00
icedove - security update
2014-06-16 00:00:00
debian
debian
[SECURITY] [DSA 2955-1] iceweasel security update
2014-06-11 14:33:41
[SECURITY] [DSA 2960-1] icedove security update
2014-06-16 17:13:24
prion
prion
Buffer overflow
2014-06-11 10:57:00
Design/Logic Flaw
2014-06-11 10:57:00
Out-of-bounds
2014-06-11 10:57:00
cve
cve
CVE-2014-1542
2014-06-11 10:57:00
CVE-2014-1536
2014-06-11 10:57:00
CVE-2014-1543
2014-06-11 10:57:00
ubuntucve
ubuntucve
CVE-2014-1542
2014-06-11 00:00:00
CVE-2014-1540
2014-06-11 00:00:00
CVE-2014-1543
2014-06-11 00:00:00
ibm
ibm
Security Bulletin: Mozilla firefox vulnerability issues on IBM SONAS (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:33
Security Bulletin: IBM Storwize V7000 Unified security vulnerabilities related to Mozilla Firefox (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:28
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
JSON
Related for SEAMONKEY_2_26_1.NASL
openvas37nessus27ubuntu2freebsd1securityvulns2suse6veracode3mageia2centos2oraclelinux2mozilla6redhat2osv2debian2prion9cve9ubuntucve9ibm2gentoo1