Remote Code Execution (RCE)

2020-04-1000:36:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

SeaMonkey is vulnerable to Remote Code Execution (RCE). Due to a flaw found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected.

CPENameOperatorVersion
seamonkeyeq1.0.9__0.17.el3
seamonkeyeq1.0.9__0.25.el3
seamonkeyeq1.0.9__7.el4
seamonkeyeq1.0.9__32.el4
seamonkeyeq1.0.9__0.7.el3
seamonkeyeq1.0.9__45.el4_8
seamonkeyeq1.0.7__0.1.el4
seamonkeyeq1.0.9__0.22.el3
seamonkeyeq1.0.8__0.2.el4
seamonkeyeq1.0.9__15.el4

Name	Operator	Version
seamonkey	eq	1.0.9__0.17.el3
seamonkey	eq	1.0.9__0.25.el3
seamonkey	eq	1.0.9__7.el4
seamonkey	eq	1.0.9__32.el4
seamonkey	eq	1.0.9__0.7.el3
seamonkey	eq	1.0.9__45.el4_8
seamonkey	eq	1.0.7__0.1.el4
seamonkey	eq	1.0.9__0.22.el3
seamonkey	eq	1.0.8__0.2.el4
seamonkey	eq	1.0.9__15.el4