Mozilla SeaMonkey Code Execution and Spoofing Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 29 Oct 2009

RISK: Medium Risk

Multiple vulnerabilities have been identified in Mozilla SeaMonkey, which could be exploited by attackers to spoof certain information, bypass security restrictions or compromise a vulnerable system.

1. A memory corruption error when parsing certain regular expressions used in Proxy Auto-configuration (PAC) files, which could allow attackers to crash an affected browser or execute arbitrary code on a system where PAC has been configured with specific regular expressions.

2. A heap overflow error in the GIF image parser, which could be exploited to crash an affected browser or execute arbitrary code.

3. An error when downloading a file with a name containing a right-to-left override character (RTL), which could be exploited to obfuscate the name and extension of a malicious file to be downloaded and opened.
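
For item 3, a download handler or mail gateway can flag file names that carry bidirectional control characters and report the extension that is actually stored. The Python below is an added example, not code from the advisory or from Mozilla; the function names and the sample file names are constructed for illustration, and the display routine is a simplified approximation of bidirectional rendering.

```python
import unicodedata

RLO, PDF = "\u202e", "\u202c"
# Bidirectional formatting characters: they change display order, not stored order.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c")


def extension(name):
    """Lower-cased text after the last dot, or '' when there is no dot."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def approx_display(name):
    """Approximate rendering: text after RLO is shown reversed until PDF or the
    end of the name. A simplification of the Unicode bidirectional algorithm
    that covers only the override case the advisory describes."""
    shown, run, overriding = [], [], False
    for ch in name:
        if ch == RLO:
            overriding = True
        elif ch == PDF:
            shown.extend(reversed(run))
            run, overriding = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored by this approximation
        elif overriding:
            run.append(ch)
        else:
            shown.append(ch)
    shown.extend(reversed(run))
    return "".join(shown)


def inspect_download_name(name):
    """Report bidi controls in a file name and the extension the OS will act on."""
    controls = [(i, unicodedata.name(ch, "UNKNOWN")) for i, ch in enumerate(name)
                if ch in BIDI_CONTROLS]
    sanitized = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return {
        "controls": controls,                           # position and Unicode name
        "sanitized": sanitized,                         # name with controls stripped
        "stored_ext": extension(sanitized),             # what the system will open
        "shown_ext": extension(approx_display(name)),   # what the user appears to see
        "flag": bool(controls),
    }


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    for sample in ["report.pdf", "invoice\u202etxt.exe"]:
        print(repr(sample), inspect_download_name(sample))
```

A mismatch between `stored_ext` and `shown_ext` is the condition item 3 describes; showing the user the `sanitized` name removes the ambiguity.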


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Mozilla SeaMonkey versions prior to 2.0

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Upgrade to Mozilla SeaMonkey version 2.0:
http://www.mozilla.com/seamonkey/


Vulnerability Identifier


Source


Related Link