- Home
- CVEs with nessus.description==The installed version of SeaMonkey is affected by various security issues :
- Using a specially crafted UTF-8 URL in a hyperlink, an attacker might be able to exploit a stack buffer overflow in the Mozilla URL parsing routes to execute arbitrary code. (MFSA 2008-37)
- It is possible to bypass the same-origin check in 'nsXMLDocument::OnChannelRedirect()'. (MFSA 2008-38)
- An attacker can cause the content window to move while the mouse is being clicked, causing an item to be dragged rather than clicked-on. (MFSA 2008-40)
- Privilege escalation is possible via 'XPCnativeWrapper' pollution. (MFSA 2008-41)
- There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-42)
- Certain BOM characters and low surrogate characters, if HTML-escaped, are stripped from JavaScript code before it is executed, which could allow for cross- site scripting attacks. (MFSA 2008-43)
- The 'resource:' protocol allows directory traversal on Linux when using URL-encoded slashes, and it can by used to bypass restrictions on local HTML files.
(MFSA 2008-44)
- A bug in the XBM decoder allows random small chunks of uninitialized memory to be read. (MFSA 2008-45)
- There is a heap-based buffer overflow that can be triggered when canceling a newsgroup message.
(MFSA 2008-46)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top