VID | 28833 |
Severity | 30 |
Port | 139,445 |
Protocol | TCP |
Class | SMB |
Detailed Description |
A version of Mozilla SeaMonkey older than 2.0.13 is installed on the host. Mozilla Thunderbird is an open-source web browser developed by the Mozilla project. Mozilla SeaMonkey versions prior to 2.0.13 are affected by an HTTP Invalid Certificates vulnerability.
The installed version of SeaMonkey is earlier than 2.0.13. Such versions have an out-of-date SSL certificate blacklist. A certificate authority (CA) has revoked a number of fraudulent SSL certificates for several prominent public websites.
If an attacker can trick someone into using the affected browser and visiting a malicious site using one of the fraudulent certificates, he may be able to fool that user into believing the site is a legitimate one. In turn, the user could send credentials to the malicious site or download and install applications.
* References:
  http://www.mozilla.org/security/announce/2011/mfsa2011-11.html
  http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/
  https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
* Platforms Affected: Mozilla Foundation, SeaMonkey versions prior to 2.0.13; any operating system, any version |
Recommendation |
Upgrade to the latest version of SeaMonkey (2.0.13 or later), available from the Mozilla Web site at http://download.mozilla.org/?product=seamonkey-2.0.13&os=win&lang=en-US |
Related URL | (CVE) |
Related URL | (SecurityFocus) |
Related URL | (ISS) |