Test ID: 1.3.6.1.4.1.25623.1.0.900312
Category: Web application abuses
Title: Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Windows)
Summary: The host is installed with Mozilla Seamonkey browser and is prone to multiple vulnerabilities.
Description:
Summary:
The host is installed with Mozilla Seamonkey browser and is prone
to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws due to:

- Vectors related to the layout engine and destruction of arbitrary layout
objects by the 'nsViewManager::Composite' function.

- Cookies marked 'HTTPOnly' are readable by JavaScript through the request
calls of XMLHttpRequest methods i.e. XMLHttpRequest.getAllResponseHeaders
and XMLHttpRequest.getResponseHeader.

Vulnerability Impact:
Successful exploitation could result in bypass of certain security
restrictions, information disclosure, and execution of JavaScript code
with the privileges of the signed users.

Affected Software/OS:
Seamonkey versions prior to 1.1.15 on Windows.

Solution:
Upgrade to Seamonkey version 1.1.15.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: BugTraq ID: 33598
Common Vulnerability Exposure (CVE) ID: CVE-2009-0352
http://www.securityfocus.com/bid/33598
Debian Security Information: DSA-1830
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10699
RedHat Security Advisories: RHSA-2009:0256
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://www.redhat.com/support/errata/RHSA-2009-0257.html
http://www.redhat.com/support/errata/RHSA-2009-0258.html
http://www.securitytracker.com/id?1021663
http://secunia.com/advisories/33799
http://secunia.com/advisories/33802
http://secunia.com/advisories/33808
http://secunia.com/advisories/33809
http://secunia.com/advisories/33816
http://secunia.com/advisories/33831
http://secunia.com/advisories/33841
http://secunia.com/advisories/33846
http://secunia.com/advisories/33869
http://secunia.com/advisories/34324
http://secunia.com/advisories/34387
http://secunia.com/advisories/34417
http://secunia.com/advisories/34462
http://secunia.com/advisories/34464
http://secunia.com/advisories/34527
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
SuSE Security Announcement: SUSE-SA:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
SuSE Security Announcement: SUSE-SA:2009:023
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
http://www.ubuntu.com/usn/usn-717-1
https://usn.ubuntu.com/741-1/
http://www.vupen.com/english/advisories/2009/0313
Common Vulnerability Exposure (CVE) ID: CVE-2009-0353
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11193
Common Vulnerability Exposure (CVE) ID: CVE-2009-0356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9922
http://www.securitytracker.com/id?1021666
Common Vulnerability Exposure (CVE) ID: CVE-2009-0357
http://ha.ckers.org/blog/20070511/bluehat-errata/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9459
http://www.securitytracker.com/id?1021668
http://www.ubuntu.com/usn/usn-717-2
Copyright: Copyright (C) 2009 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.