TITLE: Mozilla SeaMonkey Multiple Vulnerabilities Criticality level: Highly critical Impact: Exposure of sensitive information, System access Where: From remote VERIFY ADVISORY: http://secunia.com/advisories/39001/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to disclose sensitive information or potentially compromise a user's system. 1) An error exists when processing "<iframe>" elements embedded in e-mail messages. This can be exploited to disclose message contents or local files by tricking a user into replying to or forwarding a malicious message. 2) An error when joined to an Active Directory server on Vista or Windows 7 can be exploited to cause a crash or potentially execute arbitrary code if SSPI authentication is used. 3) An error when indexing certain messages with attachments can be exploited to cause a crash or potentially execute arbitrary code. 4) An unspecified error in the JavaScript engine can be exploited to cause a crash or potentially execute arbitrary code. 5) An error in the BinHex decoder when used on non-Mac platforms can be exploited to cause a crash or potentially execute arbitrary code. Vulnerabilities #4 and #5 are related to vulnerability #1 in: SA36671 6) An integer overflow error in a base64 decoding function can be exploited to cause a crash or potentially execute arbitrary code. This is related to vulnerability #2 in: SA35914 7) A use-after-free error in the implementation of the XUL tree element can be exploited to potentially execute arbitrary code. This is related to vulnerability #3 in: SA36671 8) An error in the implementation of the NTLM authentication protocol can be exploited to reflect the user's NTLM credentials to an arbitrary application. This is related to vulnerability #5 in: SA37699 9) An array indexing error when processing floating point numbers can be exploited to potentially execute arbitrary code. This is related to vulnerability #1 in: SA36711 The vulnerabilities are reported in versions prior to 1.1.19. SOLUTION: Update to version 1.1.19. SeaMonkey 1.x has reached End Of Life. The vendor recommends an upgrade to the latest 2.x version. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2009/mfsa2009-49.html http://www.mozilla.org/security/announce/2009/mfsa2009-59.html http://www.mozilla.org/security/announce/2009/mfsa2009-68.html http://www.mozilla.org/security/announce/2010/mfsa2010-06.html http://www.mozilla.org/security/announce/2010/mfsa2010-07.html http://www.seamonkey-project.org/releases/seamonkey1.1.19/README#new OTHER REFERENCES: SA35914: http://secunia.com/advisories/35914/ SA36671: http://secunia.com/advisories/36671/ SA36711: http://secunia.com/advisories/36711/ SA37699: http://secunia.com/advisories/37699/ ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-