Lucene search
Copyright (C) 2014 Greenbone AGOPENVAS:1361412562310805223HistoryDec 16, 2014 - 12:00 a.m.
SeaMonkey Multiple Vulnerabilities-01 (Dec 2014) - Windows
2014-12-1600:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
11
4.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.119 Low
EPSS
Percentile
95.3%
SeaMonkey is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:mozilla:seamonkey";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.805223");
script_version("2024-02-09T05:06:25+0000");
script_cve_id("CVE-2014-1594", "CVE-2014-1593", "CVE-2014-1592", "CVE-2014-1590",
"CVE-2014-1589", "CVE-2014-1588", "CVE-2014-1587", "CVE-2014-8632",
"CVE-2014-8631", "CVE-2014-1591");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
script_tag(name:"creation_date", value:"2014-12-16 11:56:05 +0530 (Tue, 16 Dec 2014)");
script_name("SeaMonkey Multiple Vulnerabilities-01 (Dec 2014) - Windows");
script_tag(name:"summary", value:"SeaMonkey is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws exist due to:
- A bad cast issue from the BasicThebesLayer to BasicContainerLayer.
- An error when parsing media content within the 'mozilla::FileBlockCache::Read'
function.
- A use-after-free error when parsing certain HTML within the
'nsHtml5TreeOperation' class.
- An error that is triggered when handling JavaScript objects that are passed
to XMLHttpRequest that mimics an input stream.
- An error that is triggered when handling a CSS stylesheet that has its namespace
improperly declared.
- Multiple unspecified errors.
- An error when filtering object properties via XrayWrappers.
- An error when passing Chrome Object Wrappers (COW) protected chrome objects as
native interfaces.
- An error when handling Content Security Policy (CSP) violation reports
triggered by a redirect.");
script_tag(name:"impact", value:"Successful exploitation will allow attackers
to disclose potentially sensitive information, compromise a user's system, bypass
certain security restrictions and other unknown impacts.");
script_tag(name:"affected", value:"SeaMonkey version before 2.31 on Windows.");
script_tag(name:"solution", value:"Upgrade to SeaMonkey version 2.31 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"registry");
script_xref(name:"URL", value:"http://secunia.com/advisories/60558");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71391");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71392");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71393");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71395");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71396");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71397");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71398");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71399");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71556");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71560");
script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-83");
script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-84");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone AG");
script_family("General");
script_dependencies("gb_seamonkey_detect_win.nasl");
script_mandatory_keys("Seamonkey/Win/Ver");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!smVer = get_app_version(cpe:CPE)){
exit(0);
}
if(version_is_less(version:smVer, test_version:"2.31"))
{
report = report_fixed_ver(installed_version:smVer, fixed_version:"2.31");
security_message(port:0, data:report);
exit(0);
}
References
secunia.com/advisories/60558
www.securityfocus.com/bid/71391
www.securityfocus.com/bid/71392
www.securityfocus.com/bid/71393
www.securityfocus.com/bid/71395
www.securityfocus.com/bid/71396
www.securityfocus.com/bid/71397
www.securityfocus.com/bid/71398
www.securityfocus.com/bid/71399
www.securityfocus.com/bid/71556
www.securityfocus.com/bid/71560
www.mozilla.org/en-US/security/advisories/mfsa2014-83
www.mozilla.org/en-US/security/advisories/mfsa2014-84
Related
mageia
mageia
Updated iceape package fixes security vulnerabilities
2014-12-09 23:12:41
Updated firefox & thunderbird packages fix security vulnerabilities
2014-12-03 22:27:32
archlinux
archlinux
firefox: multiple issues
2014-12-03 00:00:00
openvas
openvas
SeaMonkey Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X
2014-12-16 00:00:00
Mageia: Security Advisory (MGASA-2014-0518)
2022-01-28 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Dec 2014) - Windows
2014-12-16 00:00:00
nessus
nessus
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1581-1)
2014-12-08 00:00:00
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2424-1)
2014-12-03 00:00:00
openSUSE Security Update : seamonkey (openSUSE-SU-2014:1656-1)
2014-12-18 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2014-12-02 00:00:00
Thunderbird vulnerabilities
2014-12-03 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-12-08 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2014-12-12 03:05:16
Firefox update to latest 31ESR release (important)
2015-01-25 16:04:59
Mozilla (Firefox/Thunderbird) updates to 31.8.0 (important)
2015-07-18 19:07:56
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-12-01 00:00:00
osv
osv
iceweasel - security update
2014-12-04 00:00:00
icedove - security update
2014-12-07 00:00:00
redhat
redhat
(RHSA-2014:1924) Important: thunderbird security update
2014-12-02 00:00:00
(RHSA-2014:1919) Critical: firefox security update
2014-12-02 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2014-12-02 00:00:00
firefox security update
2014-12-03 00:00:00
debian
debian
[SECURITY] [DSA 3092-1] icedove security update
2014-12-07 19:07:31
[SECURITY] [DSA 3090-1] iceweasel security update
2014-12-04 15:30:29
centos
centos
firefox security update
2014-12-03 22:51:38
thunderbird security update
2014-12-03 22:57:24
mozilla
mozilla
Miscellaneous memory safety hazards (rv:34.0 / rv:31.3) — Mozilla
2014-12-02 00:00:00
Privileged access to security wrapped protected objects — Mozilla
2014-12-02 00:00:00
CSP leaks redirect data via violation reports — Mozilla
2014-12-02 00:00:00
prion
prion
Memory corruption
2014-12-11 11:59:00
Design/Logic Flaw
2014-12-11 11:59:00
Design/Logic Flaw
2014-12-11 11:59:00
cve
cve
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:05:37
Arbitrary Code Execution
2019-05-02 05:05:37
Arbitrary Code Execution
2019-05-02 05:05:37
ibm
ibm
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
4.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.119 Low
EPSS
Percentile
95.3%
Related for OPENVAS:1361412562310805223