Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Seamonkey, which is prone to multiple vulnerabilities.
Insight
Insight
- Error in js/src/xpconnect/src/xpcwrappedjsclass.cpp file will allow attacker to execute arbitrary web script. - Multiple errors in the layout and JavaScript engines that can corrupt memory - Error in location bar, when used as part of an IDN.due to certain invalid unicode characters being displayed as whitespace. - An error when handling a non-200 response returned by a proxy in reply to a CONNECT request, which could cause the body of the response to be rendered within the context of the request 'Host:' header. - An error when handling event listeners attached to an element whose owner document is null. - Due to the 'file:' resource inheriting the principal of the previously loaded document when loaded via the location, allow unauthorized access to local files. - Due to content-loading policies not being checked before loading external script files into XUL documents, which could be exploited to bypass restrictions. - Error exists via vectors involving 'double frame construction.' - Error exists in JavaScript engine is caused via vectors related to js_LeaveSharpObject, ParseXMLSource, and a certain assertion in jsinterp.c.
Affected Software
Affected Software
Seamonkey version prior to 1.1.17 on Linux.
Solution
Solution
Upgrade to Seamonkey version 1.1.17.
Common Vulnerabilities and Exposures (CVE)
References
- http://www.vupen.com/english/advisories/2009/1572
- http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-32.html