Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.SEAMONKEY_103.NASL
HistoryJul 27, 2006 - 12:00 a.m.

SeaMonkey < 1.0.3 Multiple Vulnerabilities

2006-07-2700:00:00
This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
www.tenable.com
32

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.974

Percentile

99.9%

JSON

The installed version of SeaMonkey contains various security issues, some of which could lead to execution of arbitrary code on the affected host subject to the user’s privileges.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22097);
  script_version("1.27");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id("CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802",
                "CVE-2006-3803", "CVE-2006-3804", "CVE-2006-3805", "CVE-2006-3806",
                "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810",
                "CVE-2006-3811", "CVE-2006-3812");
  script_bugtraq_id(19181, 19192, 19197);
  script_xref(name:"CERT", value:"655892");

  script_name(english:"SeaMonkey < 1.0.3 Multiple Vulnerabilities");
  script_summary(english:"Checks version of SeaMonkey");

  script_set_attribute(attribute:"synopsis", value:
"A web browser on the remote host is prone to multiple flaws.");
  script_set_attribute(attribute:"description", value:
"The installed version of SeaMonkey contains various security issues,
some of which could lead to execution of arbitrary code on the affected
host subject to the user's privileges.");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-44/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-45/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-46/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-47/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-48/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-49/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-50/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-51/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-52/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-53/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-54/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-55/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-56/");
  script_set_attribute(attribute:"solution", value:"Upgrade to SeaMonkey 1.0.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/07/25");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("SeaMonkey/Version");


  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/SeaMonkey/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");

mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.0.3', severity:SECURITY_HOLE);

References

Related

nessus 30
suse 1
centos 5
openvas 24
freebsd 1
ubuntu 4
redhat 5
gentoo 3
securityvulns 4
debian 6
osv 3
oraclelinux 2
mozilla 12
checkpoint_advisories 6
cve 14
cert 10
ubuntucve 14
nvd 14
cvelist 14
debiancve 13
seebug 3
saint 4
exploitdb 3
zdi 1
exploitpack 1
packetstorm 1
zdt 1
nessus
nessus
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-1981)
2007-10-17 00:00:00
GLSA-200608-02 : Mozilla SeaMonkey: Multiple vulnerabilities
2006-08-04 00:00:00
RHEL 3 : seamonkey (RHSA-2006:0608)
2006-07-28 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2006-08-16 15:11:18
centos
centos
seamonkey security update
2006-08-04 20:56:41
devhelp, seamonkey security update
2006-08-05 15:16:05
thunderbird security update
2006-07-29 11:51:27
openvas
openvas
FreeBSD Ports: firefox
2008-09-04 00:00:00
FreeBSD Ports: firefox
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200608-03 (Firefox)
2008-09-24 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-07-25 00:00:00
ubuntu
ubuntu
firefox vulnerabilities
2006-07-28 00:00:00
Thunderbird vulnerabilities
2006-07-29 00:00:00
Thunderbird vulnerabilities
2006-09-22 00:00:00
redhat
redhat
(RHSA-2006:0608) seamonkey security update
2006-07-27 00:00:00
(RHSA-2006:0609) seamonkey security update
2006-08-02 00:00:00
(RHSA-2006:0594) seamonkey security update (was mozilla)
2006-08-28 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2006-08-03 00:00:00
Mozilla SeaMonkey: Multiple vulnerabilities
2006-08-03 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-08-03 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-208A -- Mozilla Products Contain Multiple Vulnerabilities
2006-07-28 00:00:00
Netscape/K-Meleon/Flock JavaScript navigator Vulnerability
2006-08-02 00:00:00
[Full-disclosure] ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability
2006-07-27 00:00:00
debian
debian
[SECURITY] [DSA 1161-1] New Mozilla Firefox packages fix several vulnerabilities
2006-08-29 17:17:51
[SECURITY] [DSA 1161-2] New Mozilla Firefox packages fix several vulnerabilities
2006-09-13 11:03:17
[SECURITY] [DSA 1160-2] New Mozilla packages fix several vulnerabilities
2006-09-15 04:42:07
osv
osv
mozilla-firefox - several vulnerabilities
2006-08-29 00:00:00
mozilla - several
2006-08-29 00:00:00
mozilla-thunderbird - several
2006-08-28 00:00:00
oraclelinux
oraclelinux
Critical thunderbird security update
2006-12-07 00:00:00
Critical firefox security update
2006-12-07 00:00:00
mozilla
mozilla
JavaScript engine vulnerabilities — Mozilla
2006-07-25 00:00:00
Code execution through deleted frame reference — Mozilla
2006-07-25 00:00:00
Native DOM methods can be hijacked across domains — Mozilla
2006-07-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox New Function Garbage Collection Code Execution - Ver2 (CVE-2006-3803)
2014-01-07 00:00:00
Mozilla Firefox Javascript Deleted Frame Reference Code Execution - Ver2 (CVE-2006-3801)
2014-03-03 00:00:00
Mozilla Firefox New Function Garbage Collection Code Execution - Ver2 (CVE-2006-3803)
2014-02-03 00:00:00
cve
cve
CVE-2006-3803
2006-07-27 19:04:00
CVE-2006-3809
2006-07-27 20:04:00
CVE-2006-3801
2006-07-27 20:04:00
cert
cert
Mozilla products contain a race condition
2006-07-27 00:00:00
Mozilla products VCard attachment buffer overflow
2006-07-27 00:00:00
Mozilla products fail to properly handle frame references
2006-07-27 00:00:00
ubuntucve
ubuntucve
CVE-2006-3803
2006-07-27 00:00:00
CVE-2006-3801
2006-07-27 00:00:00
CVE-2006-3810
2006-07-27 00:00:00
nvd
nvd
CVE-2006-3803
2006-07-27 19:04:00
CVE-2006-3808
2006-07-27 20:04:00
CVE-2006-3801
2006-07-27 20:04:00
cvelist
cvelist
CVE-2006-3804
2006-07-27 19:00:00
CVE-2006-3801
2006-07-27 20:00:00
CVE-2006-3803
2006-07-27 19:00:00
debiancve
debiancve
CVE-2006-3801
2006-07-27 20:04:00
CVE-2006-3804
2006-07-27 19:04:00
CVE-2006-3808
2006-07-27 20:04:00
seebug
seebug
Mozilla Firefox &lt;= 1.5.0.4 Javascript Navigator Object Code Execution PoC
2006-07-28 00:00:00
Mozilla Firefox Javascript Navigator Object Remote Code Execution Vulnerability
2006-10-24 00:00:00
Mozilla Firefox <= 1.5.0.4 - Javascript Navigator Object Code Execution PoC
2014-07-01 00:00:00
saint
saint
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
exploitdb
exploitdb
Mozilla Suite/Firefox &lt; 1.5.0.5 - Navigator Object Code Execution (Metasploit)
2006-07-25 00:00:00
Mozilla Suite/Firefox - Navigator Object Code Execution (Metasploit)
2010-09-20 00:00:00
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution
2006-07-28 00:00:00
zdi
zdi
Mozilla Firefox Javascript navigator Object Vulnerability
2006-07-26 00:00:00
exploitpack
exploitpack
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution
2006-07-28 00:00:00
packetstorm
packetstorm
Mozilla Suite/Firefox Navigator Object Code Execution
2009-10-27 00:00:00
zdt
zdt
Mozilla Firefox <= 1.5.0.4 Javascript Navigator Object Code Execution PoC
2006-07-28 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.974

Percentile

99.9%

JSON
Related for SEAMONKEY_103.NASL
nessus30suse1centos5openvas24freebsd1ubuntu4redhat5gentoo3securityvulns4debian6osv3oraclelinux2mozilla12checkpoint_advisories6cve14cert10ubuntucve14nvd14cvelist14debiancve13seebug3saint4exploitdb3zdi1exploitpack1packetstorm1zdt1