Security Advisories for SeaMonkey 1.0

SeaMonkey 1.0 is unsupported. Please upgrade to the latest version.

Impact key

• Critical Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
• High Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
• Moderate Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
• Low Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

# Fixed in SeaMonkey 1.0.9

• 2007-17 XUL Popup Spoofing
• 2007-16 XSS using addEventListener
• 2007-15 Security Vulnerability in APOP Authentication
• 2007-14 Path Abuse in Cookies
• 2007-12 Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)

# Fixed in SeaMonkey 1.0.8

• 2007-10 Potential integer overflow with text/enhanced mail
• 2007-09 Privilege escalation by setting img.src to javascript: URI
• 2007-08 onUnload + document.write() memory corruption
• 2007-07 Embedded nulls in location.hostname confuse same-domain checks
• 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflows
• 2007-05 XSS and local file access by opening blocked popupsand local file access by opening blocked popups
• 2007-04 Spoofing using custom cursor and CSS3 hotspot
• 2007-03 Information disclosure through cache collisions
• 2007-02 Improvements to help protect against Cross-Site Scripting attacks
• 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

# Fixed in SeaMonkey 1.0.7

• 2006-74 Mail header processing heap overflows
• 2006-73 Mozilla SVG Processing Remote Code Execution
• 2006-72 XSS by setting img.src to javascript: URI
• 2006-71 LiveConnect crash finalizing JS objects
• 2006-70 Privilege escalation using watch point
• 2006-69 CSS cursor image buffer overflow (Windows only)
• 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)

# Fixed in SeaMonkey 1.0.6

• 2006-67 Running Script can be recompiled
• 2006-66 RSA Signature Forgery (variant)
• 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)

# Fixed in SeaMonkey 1.0.5

• 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
• 2006-63 JavaScript execution in mail via XBL
• 2006-61 Frame spoofing using document.open()
• 2006-60 RSA Signature Forgery
• 2006-59 Concurrency-related vulnerability
• 2006-57 JavaScript Regular Expression Heap Corruption

# Fixed in SeaMonkey 1.0.3

• 2006-56 chrome: scheme loading remote content
• 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
• 2006-54 XSS with XPCNativeWrapper(window).Function(...)
• 2006-53 UniversalBrowserRead privilege escalation
• 2006-52 PAC privilege escalation using Function.prototype.call
• 2006-51 Privilege escalation using named-functions and redefined "new Object()"
• 2006-50 JavaScript engine vulnerabilities
• 2006-49 Heap buffer overwrite on malformed VCard
• 2006-48 JavaScript new Function race condition
• 2006-47 Native DOM methods can be hijacked across domains
• 2006-46 Memory corruption with simultaneous events
• 2006-45 Javascript navigator Object Vulnerability
• 2006-44 Code execution through deleted frame reference

# Fixed in SeaMonkey 1.0.2

• 2006-43 Privilege escalation using addSelectionListener
• 2006-42 Web site XSS using BOM on UTF-8 pages
• 2006-41 File stealing by changing input type (variant)
• 2006-40 Double-free on malformed VCard
• 2006-39 "View Image" local resource linking (Windows)
• 2006-38 Buffer overflow in crypto.signText()
• 2006-37 Remote compromise via content-defined setter on object prototypes
• 2006-35 Privilege escalation through XUL persist.
• 2006-34 XSS viewing javascript: frames or images from context menu
• 2006-33 HTTP response smuggling
• 2006-32 Fixes for crashes with potential memory corruption (rv:1.8.0.4)
• 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

# Fixed in SeaMonkey 1.0.1

• 2006-29 Spoofing with translucent windows
• 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
• 2006-27 Table Rebuilding Code Execution Vulnerability
• 2006-25 Privilege escalation through Print Preview
• 2006-24 Privilege escalation using crypto.generateCRMFRequest
• 2006-23 File stealing by changing input type
• 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
• 2006-21 JavaScript execution in mail when forwarding in-line
• 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)

# Fixed in SeaMonkey 1

• 2006-19 Cross-site scripting using .valueOf.call()
• 2006-18 Mozilla Firefox Tag Order Vulnerability
• 2006-17 cross-site scripting through window.controllers
• 2006-16 Accessing XBL compilation scope via valueOf.call()
• 2006-15 Privilege escalation using a JavaScript function's cloned parent
• 2006-14 Privilege escalation via XBL.method.eval
• 2006-13 Downloading executables with "Save Image As..."
• 2006-12 Secure-site spoof (requires security warning dialog)
• 2006-11 Crashes with evidence of memory corruption (rv:1.8)
• 2006-10 JavaScript garbage-collection hazard audit
• 2006-09 Cross-site JavaScript injection using event handlers
• 2006-08 "AnyName" entrainment and access control hazard
• 2006-07 Read beyond buffer while parsing XML
• 2006-06 Integer overflows in E4X, SVG, and Canvas
• 2006-05 Localstore.rdf XML injection through XULDocument.persist()
• 2006-04 Memory corruption via QueryInterface on Location, Navigator objects
• 2006-03 Long document title causes startup denial of service
• 2006-02 Changing position:relative to static corrupts memory
• 2006-01 JavaScript garbage-collection hazards