Veracode Vulnerability DatabaseVERACODE:24153Arbitrary Code Execution
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
seamonkey is vulnerable to arbitrary code execution. The vulnerability exists through a race condition flaw was found in the way SeaMonkey handled Document Object Model (DOM) element properties. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey.
References
blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
isc.sans.edu/diary.html?storyid=9817
lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
secunia.com/advisories/41761
secunia.com/advisories/41965
secunia.com/advisories/41966
secunia.com/advisories/41969
secunia.com/advisories/41975
secunia.com/advisories/42003
secunia.com/advisories/42008
secunia.com/advisories/42043
secunia.com/advisories/42867
slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
support.avaya.com/css/P8/documents/100114329
support.avaya.com/css/P8/documents/100114335
www.debian.org/security/2010/dsa-2124
www.exploit-db.com/exploits/15341
www.exploit-db.com/exploits/15342
www.exploit-db.com/exploits/15352
www.mandriva.com/security/advisories?name=MDVSA-2010:213
www.mandriva.com/security/advisories?name=MDVSA-2010:219
www.mozilla.org/security/announce/2010/mfsa2010-73.html
www.norman.com/about_norman/press_center/news_archive/2010/129223/
www.norman.com/security_center/virus_description_archive/129146/
www.redhat.com/security/updates/classification/#critical
www.redhat.com/support/errata/RHSA-2010-0808.html
www.redhat.com/support/errata/RHSA-2010-0809.html
www.redhat.com/support/errata/RHSA-2010-0810.html
www.redhat.com/support/errata/RHSA-2010-0861.html
www.redhat.com/support/errata/RHSA-2010-0896.html
www.securityfocus.com/bid/44425
www.securitytracker.com/id?1024645
www.securitytracker.com/id?1024650
www.securitytracker.com/id?1024651
www.ubuntu.com/usn/usn-1011-1
www.ubuntu.com/usn/USN-1011-2
www.ubuntu.com/usn/USN-1011-3
www.vupen.com/english/advisories/2010/2837
www.vupen.com/english/advisories/2010/2857
www.vupen.com/english/advisories/2010/2864
www.vupen.com/english/advisories/2010/2871
www.vupen.com/english/advisories/2011/0061
access.redhat.com/errata/RHSA-2010:0810
bugzilla.mozilla.org/show_bug.cgi?id=607222
bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
bugzilla.redhat.com/show_bug.cgi?id=646997
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108
rhn.redhat.com/errata/RHSA-2010-0812.html
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C