Summary
This host is installed with SeaMonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to SeaMonkey version 2.25 or later,
For updates refer to http://www.mozilla.com/en-US/seamonkey
Insight
Multiple flaws are due to,
- Local users can gain privileges by modifying the extracted Mar contents during an update.
- A boundary error when decoding WAV audio files.
- The crypto.generateCRMFRequest method does not properly validate a certain key type.
- An error related to certain WebIDL-implemented APIs.
- An error when performing polygon rendering in MathML.
- The session-restore feature does not consider the Content Security Policy of a data URL.
- A timing error when processing SVG format images with filters and displacements.
- A use-after-free error when handling garbage collection of TypeObjects under memory pressure.
- An error within the TypedArrayObject implementation when handling neutered ArrayBuffer objects.
- And some unspecified errors exist.
Affected
SeaMonkey version before 2.25 on Mac OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)
- Adobe Air Multiple Vulnerabilities - December12 (Windows)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X