SECUNIA ADVISORY ID: SA23422
VERIFY ADVISORY: http://secunia.com/advisories/23422/
CRITICAL: Highly critical
IMPACT: Cross Site Scripting, DoS, System access
SOFTWARE: Mozilla SeaMonkey 1.x - http://secunia.com/product/9126/
DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system. See vulnerabilities #1 through #7 for more information: SA23282 The following two vulnerabilities have also been reported:
1) A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body.
2) A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow.
SOLUTION: Update to version 1.0.7.
PROVIDED AND/OR DISCOVERED BY:
1) Georgi Guninski
2) David Bienvenu
ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2006/mfsa2006-74.html
OTHER REFERENCES: SA23282: http://secunia.com/advisories/23282/
Mozilla SeaMonkey Multiple VulnerabilitiesPosted on Wednesday, December 20, 2006 @ 16:02:03 CST in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
