Security Advisories for SeaMonkey 1.1
SeaMonkey 1.1 is unsupported. Please upgrade to the latest version.
Impact key
- Critical Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
# Fixed in SeaMonkey 1.1.19
- 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch
- 2010-06 Scriptable plugin execution in SeaMonkey mail
# Fixed in SeaMonkey 1.1.18
- 2009-43 Heap overflow in certificate regexp parsing
- 2009-42 Compromise of SSL-protected communication
# Fixed in SeaMonkey 1.1.17
- 2009-33 Crash viewing multipart/alternative message with text/enhanced part
- 2009-32 JavaScript chrome privilege escalation
- 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
- 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
- 2009-26 Arbitrary domain cookie access by local file: resources
- 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
- 2009-21 POST data sent to wrong site when saving web page with embedded frame
- 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
# Fixed in SeaMonkey 1.1.16
- 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)
- 2009-12 XSL Transformation vulnerability
# Fixed in SeaMonkey 1.1.15
- 2009-15 URL spoofing with box drawing character
- 2009-10 Upgrade PNG library to fix memory safety hazards
- 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
- 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
- 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
- 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
# Fixed in SeaMonkey 1.1.14
- 2008-68 XSS and JavaScript privilege escalation
- 2008-67 Escaped null characters ignored by CSS parser
- 2008-66 Errors parsing URLs with leading whitespace and control characters
- 2008-65 Cross-domain data theft via script redirect error message
- 2008-64 XMLHttpRequest 302 response disclosure
- 2008-61 Information stealing via loadBindingDocument
- 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
# Fixed in SeaMonkey 1.1.13
- 2008-59 Script access to .documentURI and .textContent in mail
- 2008-58 Parsing error in E4X default namespace
- 2008-57 -moz-binding property bypasses security checks on codebase principals
- 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
- 2008-55 Crash and remote code execution in nsFrameManager
- 2008-54 Buffer overflow in http-index-format parser
- 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
- 2008-50 Crash and remote code execution via __proto__ tampering
- 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
- 2008-48 Image stealing via canvas and HTTP redirect
- 2008-47 Information stealing via local shortcut files
# Fixed in SeaMonkey 1.1.12
- 2008-46 Heap overflow when canceling newsgroup message
- 2008-45 XBM image uninitialized memory reading
- 2008-44 resource: traversal vulnerabilities
- 2008-43 BOM characters, low surrogates stripped from JavaScript before execution
- 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
- 2008-41 Privilege escalation via XPCnativeWrapper pollution
- 2008-40 Forced mouse drag
- 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
- 2008-37 UTF-8 URL stack buffer overflow
# Fixed in SeaMonkey 1.1.11
# Fixed in SeaMonkey 1.1.10
- 2008-33 Crash and remote code execution in block reflow
- 2008-32 Remote site run as local file via Windows URL shortcut
- 2008-31 Peer-trusted certs can use alt names to spoof
- 2008-30 File location URL in directory listings not escaped properly
- 2008-29 Faulty .properties file results in uninitialized memory being used
- 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
- 2008-27 Arbitrary file upload via originalTarget and DOM Range
- 2008-26 Buffer length checks in MIME processing
- 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
- 2008-24 Chrome script loading from fastload file
- 2008-23 Signed JAR tampering
- 2008-22 XSS through JavaScript same-origin violation
- 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
- 2008-20 Crash in JavaScript garbage collector
# Fixed in SeaMonkey 1.1.9
- 2008-19 XUL popup spoofing variant (cross-tab popups)
- 2008-18 Java socket connection to any local port via LiveConnect
- 2008-17 Privacy issue with SSL Client Authentication
- 2008-16 HTTP Referrer spoofing with malformed URLs
- 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
- 2008-14 JavaScript privilege escalation and arbitrary code execution
# Fixed in SeaMonkey 1.1.8
- 2008-13 Multiple XSS vulnerabilities from character encoding
- 2008-12 Heap buffer overflow in external MIME bodies
- 2008-10 URL token stealing via stylesheet redirect
- 2008-09 Mishandling of locally-saved plain text files
- 2008-07 Possible information disclosure in BMP decoder
- 2008-06 Web browsing history and forward navigation stealing
- 2008-05 Directory traversal via chrome: URI
- 2008-03 Privilege escalation, XSS, Remote Code Execution
- 2008-02 Multiple file input focus stealing vulnerabilities
- 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
# Fixed in SeaMonkey 1.1.7
- 2007-39 Referer-spoofing via window.location race condition
- 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
- 2007-37 jar: URI scheme XSS hazard
# Fixed in SeaMonkey 1.1.5
- 2007-36 URIs with invalid %-encoding mishandled by Windows
- 2007-35 XPCNativeWraper pollution using Script object
- 2007-34 Possible file stealing through sftp protocol
- 2007-33 XUL pages can hide the window titlebar
- 2007-32 File input focus stealing vulnerability
- 2007-31 Digest authentication request splitting
- 2007-30 onUnload Tailgating
- 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
# Fixed in SeaMonkey 1.1.4
- 2007-27 Unescaped URIs passed to external programs
- 2007-26 Privilege escalation through chrome-loaded about:blank windows
- 2007-23 Remote code execution by launching Firefox from Internet Explorer
# Fixed in SeaMonkey 1.1.3
- 2007-25 XPCNativeWrapper pollution
- 2007-24 Unauthorized access to wyciwyg:// documents
- 2007-22 File type confusion due to %00 in name
- 2007-21 Privilege escallation using an event handler attached to an element not in the document
- 2007-20 Frame spoofing while window is loading
- 2007-19 XSS using addEventListener and setTimeout
- 2007-18 Crashes with evidence of memory corruption (rv:1.8.1.5)
# Fixed in SeaMonkey 1.1.2
- 2007-17 XUL Popup Spoofing
- 2007-16 XSS using addEventListener
- 2007-15 Security Vulnerability in APOP Authentication
- 2007-14 Path Abuse in Cookies
- 2007-12 Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)