English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 134041 CVE descriptions
and 69903 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.801136
Category:Buffer overflow
Title:Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Windows)
Summary:This host is installed with Mozilla Seamonkey browser and is prone to; multiple vulnerabilities.
Description:Summary:
This host is installed with Mozilla Seamonkey browser and is prone to
multiple vulnerabilities.

Vulnerability Insight:
Muliple flaw are due to following errors,
- When parsing regular expressions used in Proxy Auto-configuration. This can
be exploited to cause a crash or potentially execute arbitrary code via
specially crafted configured PAC files.
- When processing GIF color maps can be exploited to cause a heap based buffer
overflow and potentially execute arbitrary code via a specially crafted GIF
file.
- An error when downloading files can be exploited to display different file
names in the download dialog title bar and download dialog body. This can
be exploited to obfuscate file names via a right-to-left override character
and potentially trick a user into running an executable file.

Vulnerability Impact:
Successful exploitation will let attacker to disclose sensitive information,
bypass certain security restrictions, manipulate certain data, or compromise
a user's system.
Impact Level: Application/System

Affected Software/OS:
Mozilla Seamonkey version prior to 2.0 on Windows.

Solution:
Upgrade to Seamonkey version 2.0
http://www.seamonkey-project.org/releases

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 36856
BugTraq ID: 36855
BugTraq ID: 36867
Common Vulnerability Exposure (CVE) ID: CVE-2009-3372
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10977
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6347
http://www.vupen.com/english/advisories/2009/3334
Common Vulnerability Exposure (CVE) ID: CVE-2009-3373
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10684
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6548
Common Vulnerability Exposure (CVE) ID: CVE-2009-3376
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-915-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11218
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6541
http://secunia.com/advisories/38977
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 69903 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2018 E-Soft Inc. All rights reserved.