Summary
This host is installed with SeaMonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to SeaMonkey version 2.24 or later,
For updates refer to http://www.mozilla.com/en-US/seamonkey
Insight
Multiple flaws are due to,
- An error when handling XML Binding Language (XBL) content scopes.
- An error when handling discarded images within the 'RasterImage' class.
- An error related to the 'document.caretPositionFromPoint()' and 'document.elementFromPoint()' functions.
- An error when handling XSLT stylesheets.
- A use-after-free error related to certain content types when used with the 'imgRequestProxy()' function.
- An error when handling web workers error messages.
- An error when terminating a web worker running asm.js code after passing an object between threads.
- A race condition error when handling session tickets within libssl.
- An error when handling JavaScript native getters on window objects.
- Additionally, a weakness exists when handling the dialog for saving downloaded files.
Affected
SeaMonkey version before 2.24 on Mac OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1490, CVE-2014-1491 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)