Unauthorized Replacement

2020-04-1000:36:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

JSON

SeaMonkey is vulnerable to unauthorized replacement. Due to a law found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents.

CPENameOperatorVersion
seamonkeyeq1.0.9__0.17.el3
seamonkeyeq1.0.9__0.25.el3
seamonkeyeq1.0.9__7.el4
seamonkeyeq1.0.9__32.el4
seamonkeyeq1.0.9__0.7.el3
seamonkeyeq1.0.9__45.el4_8
seamonkeyeq1.0.7__0.1.el4
seamonkeyeq1.0.9__0.22.el3
seamonkeyeq1.0.8__0.2.el4
seamonkeyeq1.0.9__15.el4

Name	Operator	Version
seamonkey	eq	1.0.9__0.17.el3
seamonkey	eq	1.0.9__0.25.el3
seamonkey	eq	1.0.9__7.el4
seamonkey	eq	1.0.9__32.el4
seamonkey	eq	1.0.9__0.7.el3
seamonkey	eq	1.0.9__45.el4_8
seamonkey	eq	1.0.7__0.1.el4
seamonkey	eq	1.0.9__0.22.el3
seamonkey	eq	1.0.8__0.2.el4
seamonkey	eq	1.0.9__15.el4