Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Critical: seamonkey security update

Related Vulnerabilities: CVE-2010-3169   CVE-2010-2765   CVE-2010-2767   CVE-2010-2760   CVE-2010-3168   CVE-2010-3167   CVE-2010-2768   CVE-2010-3168   CVE-2010-3169   CVE-2010-3167   CVE-2010-2768   CVE-2010-2760   CVE-2010-2767   CVE-2010-2765  

Source

Synopsis

Critical: seamonkey security update

Type/Severity

Security Advisory: Critical

Topic

Updated seamonkey packages that fix several security issues are now
available for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-3169)

A buffer overflow flaw was found in SeaMonkey. A web page containing
malicious content could cause SeaMonkey to crash or, potentially, execute
arbitrary code with the privileges of the user running SeaMonkey.
(CVE-2010-2765)

A use-after-free flaw and several dangling pointer flaws were found in
SeaMonkey. A web page containing malicious content could cause SeaMonkey to
crash or, potentially, execute arbitrary code with the privileges of the
user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167,
CVE-2010-3168)

A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page
containing malicious content could cause SeaMonkey to run JavaScript code
with the permissions of a different website. (CVE-2010-2768)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 4.8 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.8 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.8 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc

Fixes

  • BZ - 630055 - CVE-2010-3169 Mozilla Miscellaneous memory safety hazards
  • BZ - 630056 - CVE-2010-2765 Mozilla Frameset integer overflow vulnerability (MFSA 2010-50)
  • BZ - 630059 - CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)
  • BZ - 630062 - CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)
  • BZ - 630064 - CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55)
  • BZ - 630067 - CVE-2010-3167 Mozilla Dangling pointer vulnerability in nsTreeContentView (MFSA 2010-56)
  • BZ - 630074 - CVE-2010-2768 Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started