Lucene search
Mozilla Seamonkey Security Bypass Vulnerabilities - Oct 12 (Mac OS X)
🗓️ 12 Jul 2013 00:00:00Reported by Copyright (C) 2012 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 24 Views
Mozilla Seamonkey Security Bypass Vulnerabilities - Oct 12 (Mac OS X). Successful exploitation allows attackers to bypass Same Origin Policy and read Location object properties via a crafted website. SeaMonkey versions before 2.13.1 on Mac OS X are affected. Security wrappers are unwrapped without a security check in defaultValue() allowing improper access to Location object. Upgrade to SeaMonkey version 2.13.1 or later. The host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities
Show more
| Reporter | Title | Published | Views | Family All 105 |
|---|---|---|---|---|
 | CVE-2012-4192 | 12 Oct 201210:44 | – | cve |
| CVE-2012-4193 | 12 Oct 201210:44 | – | cve |
| Mozilla Thunderbird ESR Security Bypass Vulnerabilities (Oct 2012) - Mac OS X | 12 Jul 201300:00 | – | openvas |
| Mozilla Firefox ESR Security Bypass Vulnerabilities - Oct 12 (Windows) | 12 Jul 201300:00 | – | openvas |
| Mozilla Thunderbird Security Bypass Vulnerabilities - Oct 12 (Windows) | 12 Jul 201300:00 | – | openvas |
| Mozilla Seamonkey Security Bypass Vulnerabilities - Oct 12 (Windows) | 12 Jul 201300:00 | – | openvas |
| Mozilla Firefox ESR Security Bypass Vulnerabilities - Oct 12 (Mac OS X) | 12 Jul 201300:00 | – | openvas |
| Mozilla Firefox Security Bypass Vulnerabilities - Oct 12 (Windows) | 15 Oct 201200:00 | – | openvas |
| Mozilla Firefox Security Advisory (MFSA2012-89) - Linux | 11 Nov 202100:00 | – | openvas |
| Mozilla Thunderbird ESR Security Bypass Vulnerabilities - Oct 12 (Mac OS X) | 12 Jul 201300:00 | – | openvas |
10
| Source | Link |
|---|---|
| mozilla | www.mozilla.org/security/announce/2012/mfsa2012-89.html |
| secunia | www.secunia.com/advisories/50856 |
| secunia | www.secunia.com/advisories/50935 |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_mozilla_seamonkey_sec_bypass_vuln_oct12_macosx.nasl 6115 2017-05-12 09:03:25Z teissa $
#
# Mozilla Seamonkey Security Bypass Vulnerabilities - Oct 12 (Mac OS X)
#
# Authors:
# Arun Kallavi <[email protected]>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_impact = "Successful exploitation will let attackers to bypass the Same Origin Policy
and read the properties of a Location object via a crafted web site.
Impact Level: Application";
tag_affected = "SeaMonkey versions before 2.13.1 on Mac OS X";
tag_insight = "Security wrappers are unwrapped without doing a security check in
defaultValue(). This can allow for improper access to the Location object.";
tag_solution = "Upgrade to SeaMonkey version 2.13.1 or later
For updates refer to http://www.mozilla.org/projects/seamonkey";
tag_summary = "The host is installed with Mozilla Seamonkey and is prone to multiple
vulnerabilities.";
if(description)
{
script_id(803674);
script_version("$Revision: 6115 $");
script_cve_id("CVE-2012-4192", "CVE-2012-4193");
script_bugtraq_id(55889);
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"$Date: 2017-05-12 11:03:25 +0200 (Fri, 12 May 2017) $");
script_tag(name:"creation_date", value:"2013-07-12 13:10:26 +0530 (Fri, 12 Jul 2013)");
script_name("Mozilla Seamonkey Security Bypass Vulnerabilities - Oct 12 (Mac OS X)");
script_xref(name : "URL" , value : "http://secunia.com/advisories/50856");
script_xref(name : "URL" , value : "http://secunia.com/advisories/50935");
script_xref(name : "URL" , value : "http://www.mozilla.org/security/announce/2012/mfsa2012-89.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
script_family("General");
script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
script_mandatory_keys("SeaMonkey/MacOSX/Version");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
# Variable Initialization
seaVer = "";
# SeaMonkey Check
seaVer = get_kb_item("SeaMonkey/MacOSX/Version");
if(seaVer)
{
# Grep for SeaMonkey version
if(version_is_less(version:seaVer, test_version:"2.13.1"))
{
security_message(0);
exit(0);
}
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo12 Jul 2013 00:00Current
0.5Low risk
Vulners AI Score0.5
EPSS0.01406