NASLDB: SeaMonkey 2.x < 2.6.0 Multiple Vulnerabilities
General
ID: 57353
Name: SeaMonkey 2.x < 2.6.0 Multiple Vulnerabilities
Summary: Checks version of SeaMonkey
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –
Port: –
Family: Windows
Type: Local
Description
The installed version of SeaMonkey 2.x is earlier than 2.6.0. Such versions are potentially affected by the following security issues:
- An out-of-bounds memory access error exists in the ‘SVG’ implementation and can be triggered when ‘SVG’ elements are removed during a ‘DOMAttrModified’ event handler. (CVE-2011-3658)
- Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660)
- An error exists in the ‘YARR’ regular expression library that can cause application crashes when handling certain JavaScript statements. (CVE-2011-3661)
- It is possible to detect keystrokes using ‘SVG’ animation ‘accesskey’ events even when JavaScript is disabled. (CVE-2011-3663)
- It is possible to crash the application when ‘OGG’ ‘video’ elements are scaled to extreme sizes. (CVE-2011-3665)
- A use-after-free error exists related to the function ‘nsHTMLSelectElement’ that can allow arbitrary code execution during operations such as removal of a parent node of an element. (CVE-2011-3671)
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2011-3658
OSVDB: –
Bugtraq: 51133
scipID: –
Timeline
Vulnerability Disclosure: 2011/12/20
Patch Release: 2011/12/20
Plugin Release: 2011/12/20
Plugin
Version: 1.11
Filename: seamonkey_26.nasl
Filesize: 4805 bytes
MD5 Hash: 3b149470bf3b170dc90030ecd6a73ccb
Identification: SMB/transport
Require Keys: SeaMonkey/Version
Dependencies: "mozilla_org_installed.nasl"
Copyright: This script is Copyright © 2011-2012 Tenable Network Security, Inc.