Web application abuses : Mozilla Seamonkey Multiple Vulnerabilities (Feb 2009)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.900312
Category:	Web application abuses
Title:	Mozilla Seamonkey Multiple Vulnerabilities (Feb 2009) - Windows
Summary:	Mozilla Seamonkey browser is prone to multiple vulnerabilities.
Description:	Summary: Mozilla Seamonkey browser is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws due to: - Vectors related to the layout engine and destruction of arbitrary layout objects by the 'nsViewManager::Composite' function. - Cookies marked 'HTTPOnly' are readable by JavaScript through the request calls of XMLHttpRequest methods i.e. XMLHttpRequest.getAllResponseHeaders and XMLHttpRequest.getResponseHeader. Vulnerability Impact: Successful exploitation could result in bypassing certain security restrictions, information disclosures, JavaScript code executions which can be executed with the privileges of the signed users. Affected Software/OS: Seamonkey version prior to 1.1.15 on Windows. Solution: Upgrade to Seamonkey version 1.1.15. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0352 1021663 http://www.securitytracker.com/id?1021663 33598 http://www.securityfocus.com/bid/33598 33799 http://secunia.com/advisories/33799 33802 http://secunia.com/advisories/33802 33808 http://secunia.com/advisories/33808 33809 http://secunia.com/advisories/33809 33816 http://secunia.com/advisories/33816 33831 http://secunia.com/advisories/33831 33841 http://secunia.com/advisories/33841 33846 http://secunia.com/advisories/33846 33869 http://secunia.com/advisories/33869 34324 http://secunia.com/advisories/34324 34387 http://secunia.com/advisories/34387 34417 http://secunia.com/advisories/34417 34462 http://secunia.com/advisories/34462 34464 http://secunia.com/advisories/34464 34527 http://secunia.com/advisories/34527 ADV-2009-0313 http://www.vupen.com/english/advisories/2009/0313 DSA-1830 http://www.debian.org/security/2009/dsa-1830 FEDORA-2009-1399 https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html FEDORA-2009-2882 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html FEDORA-2009-2884 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html FEDORA-2009-3101 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html MDVSA-2009:044 http://www.mandriva.com/security/advisories?name=MDVSA-2009:044 MDVSA-2009:083 http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 RHSA-2009:0256 http://rhn.redhat.com/errata/RHSA-2009-0256.html RHSA-2009:0257 http://www.redhat.com/support/errata/RHSA-2009-0257.html RHSA-2009:0258 http://www.redhat.com/support/errata/RHSA-2009-0258.html SSA:2009-083-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 SSA:2009-083-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952 SUSE-SA:2009:009 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html SUSE-SA:2009:023 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html USN-717-1 http://www.ubuntu.com/usn/usn-717-1 USN-741-1 https://usn.ubuntu.com/741-1/ http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm http://www.mozilla.org/security/announce/2009/mfsa2009-01.html https://bugzilla.mozilla.org/show_bug.cgi?id=331088 https://bugzilla.mozilla.org/show_bug.cgi?id=401042 https://bugzilla.mozilla.org/show_bug.cgi?id=416461 https://bugzilla.mozilla.org/show_bug.cgi?id=420697 https://bugzilla.mozilla.org/show_bug.cgi?id=421839 https://bugzilla.mozilla.org/show_bug.cgi?id=422283 https://bugzilla.mozilla.org/show_bug.cgi?id=422301 https://bugzilla.mozilla.org/show_bug.cgi?id=431705 https://bugzilla.mozilla.org/show_bug.cgi?id=437142 https://bugzilla.mozilla.org/show_bug.cgi?id=449006 https://bugzilla.mozilla.org/show_bug.cgi?id=461027 oval:org.mitre.oval:def:10699 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10699 Common Vulnerability Exposure (CVE) ID: CVE-2009-0353 https://bugzilla.mozilla.org/show_bug.cgi?id=452913 oval:org.mitre.oval:def:11193 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11193 Common Vulnerability Exposure (CVE) ID: CVE-2009-0356 1021666 http://www.securitytracker.com/id?1021666 http://www.mozilla.org/security/announce/2009/mfsa2009-04.html https://bugzilla.mozilla.org/show_bug.cgi?id=460425 oval:org.mitre.oval:def:9922 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9922 Common Vulnerability Exposure (CVE) ID: CVE-2009-0357 1021668 http://www.securitytracker.com/id?1021668 USN-717-2 http://www.ubuntu.com/usn/usn-717-2 http://ha.ckers.org/blog/20070511/bluehat-errata/ http://www.mozilla.org/security/announce/2009/mfsa2009-05.html https://bugzilla.mozilla.org/show_bug.cgi?id=380418 oval:org.mitre.oval:def:9459 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9459
Copyright	Copyright (C) 2009 Greenbone AG