Security Vulnerabilities fixed in SeaMonkey mfsa2014-29-2

description-logoDescription

Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open(). A second bug allowed the bypassing of the popup-blocker without user interaction. Combined these two bugs allow an attacker to load a JavaScript URL that is executed with the full privileges of the browser, which allows arbitrary code execution.

affected-products-logoAffected Applications

SeaMonkey

CVE References

CVE-2014-1511 CVE-2014-1510