- Home
- CVEs with nessus.description==The installed version of SeaMonkey is a version prior to 2.25 and is, therefore, potentially affected by the following vulnerabilities :
- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)
- An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)
- An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.
(CVE-2014-1497)
- An issue exists in the 'crypto.generateCRFMRequest' method due to improper validation of the KeyParams argument when generating 'ec-dual-use' requests. This could lead to a denial of service attack.
(CVE-2014-1498)
- An issue exists that could allow for spoofing attacks to occur during a WebRTC session. Exploitation of this issue could allow an attacker to gain access to the user's webcam or microphone. (CVE-2014-1499)
- An issue exists with JavaScript 'onbeforeunload' events that could lead to denial of service attacks.
(CVE-2014-1500)
- An issue exists where WebGL context from one website can be injected into the WebGL context of another website that could result in arbitrary content being rendered from the second website. (CVE-2014-1502)
- A cross-site scripting issue exists due to the Content Security Policy (CSP) of 'data:' documents not being saved for a session restore. Under certain circumstances, an attacker may be able to evade the CSP of a remote website resulting in a cross-scripting attack. (CVE-2014-1504)
- An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)
- A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.
(CVE-2014-1509)
- An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.
(CVE-2014-1505)
- An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which may result in arbitrary code execution.
(CVE-2014-1510)
- An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)
- A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.
(CVE-2014-1512)
- An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.
(CVE-2014-1513)
- An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top