 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.805223 |
| Category: | General |
| Title: | SeaMonkey Multiple Vulnerabilities-01 (Dec 2014) - Windows |
| Summary: | SeaMonkey is prone to multiple vulnerabilities. |
| Description: | Summary: SeaMonkey is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - A bad cast issue from the BasicThebesLayer to BasicContainerLayer. - An error when parsing media content within the 'mozilla::FileBlockCache::Read' function. - A use-after-free error when parsing certain HTML within the 'nsHtml5TreeOperation' class. - An error that is triggered when handling JavaScript objects that are passed to XMLHttpRequest that mimics an input stream. - An error that is triggered when handling a CSS stylesheet that has its namespace improperly declared. - Multiple unspecified errors. - An error when filtering object properties via XrayWrappers. - An error when passing Chrome Object Wrappers (COW) protected chrome objects as native interfaces. - An error when handling Content Security Policy (CSP) violation reports triggered by a redirect. Vulnerability Impact: Successful exploitation will allow attackers to disclose potentially sensitive information, compromise a user's system, bypass certain security restrictions and other unknown impacts. Affected Software/OS: SeaMonkey version before 2.31 on Windows. Solution: Upgrade to SeaMonkey version 2.31 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1594 BugTraq ID: 71396 http://www.securityfocus.com/bid/71396 Debian Security Information: DSA-3090 (Google Search) http://www.debian.org/security/2014/dsa-3090 Debian Security Information: DSA-3092 (Google Search) http://www.debian.org/security/2014/dsa-3092 https://security.gentoo.org/glsa/201504-01 SuSE Security Announcement: openSUSE-SU-2015:0138 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1593 BugTraq ID: 71395 http://www.securityfocus.com/bid/71395 Common Vulnerability Exposure (CVE) ID: CVE-2014-1592 BugTraq ID: 71398 http://www.securityfocus.com/bid/71398 Common Vulnerability Exposure (CVE) ID: CVE-2014-1590 BugTraq ID: 71397 http://www.securityfocus.com/bid/71397 Common Vulnerability Exposure (CVE) ID: CVE-2014-1589 Common Vulnerability Exposure (CVE) ID: CVE-2014-1588 Common Vulnerability Exposure (CVE) ID: CVE-2014-1587 BugTraq ID: 71391 http://www.securityfocus.com/bid/71391 Common Vulnerability Exposure (CVE) ID: CVE-2014-8632 Common Vulnerability Exposure (CVE) ID: CVE-2014-8631 Common Vulnerability Exposure (CVE) ID: CVE-2014-1591 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |