Subject: | |
From: | |
Reply To: | |
Date: | Thu, 24 Jun 2010 06:49:38 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Critical: seamonkey security update
Issue date: 2010-06-22
CVE Names: CVE-2010-0163 CVE-2010-1197 CVE-2010-1198
CVE-2010-1199 CVE-2010-1200
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user
running SeaMonkey. (CVE-2010-1200)
A flaw was found in the way browser plug-ins interact. It was possible
for a plug-in to reference the freed memory from a different plug-in,
resulting in the execution of arbitrary code with the privileges of the
user running SeaMonkey. (CVE-2010-1198)
An integer overflow flaw was found in the processing of malformed web
content. A web page containing malicious content could cause SeaMonkey
to crash or, potentially, execute arbitrary code with the privileges of
the user running SeaMonkey. (CVE-2010-1199)
A flaw was found in the way SeaMonkey processed mail attachments. A
specially-crafted mail message could cause SeaMonkey to crash.
(CVE-2010-0163)
A flaw was found in the way SeaMonkey handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header
was also present. A website that allows arbitrary uploads and relies on
the "Content-Disposition: attachment" HTTP header to prevent content
from being displayed inline, could be used by an attacker to serve
malicious content to users. (CVE-2010-1197)
After installing the update, SeaMonkey must be restarted for the changes
to take effect.
SL 3.0.x
SRPMS:
seamonkey-1.0.9-0.55.el3.src.rpm
i386:
seamonkey-1.0.9-0.55.el3.i386.rpm
seamonkey-chat-1.0.9-0.55.el3.i386.rpm
seamonkey-devel-1.0.9-0.55.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.55.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.55.el3.i386.rpm
seamonkey-mail-1.0.9-0.55.el3.i386.rpm
seamonkey-nspr-1.0.9-0.55.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.55.el3.i386.rpm
seamonkey-nss-1.0.9-0.55.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.55.el3.i386.rpm
x86_64:
seamonkey-1.0.9-0.55.el3.i386.rpm
seamonkey-1.0.9-0.55.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.55.el3.i386.rpm
seamonkey-chat-1.0.9-0.55.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.55.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.55.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.55.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.55.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.55.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.55.el3.i386.rpm
seamonkey-mail-1.0.9-0.55.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.55.el3.i386.rpm
seamonkey-nspr-1.0.9-0.55.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.55.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.55.el3.i386.rpm
seamonkey-nss-1.0.9-0.55.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.55.el3.x86_64.rpm
SL 4.x
SRPMS:
seamonkey-1.0.9-58.el4_8.src.rpm
i386:
seamonkey-1.0.9-58.el4_8.i386.rpm
seamonkey-chat-1.0.9-58.el4_8.i386.rpm
seamonkey-devel-1.0.9-58.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-58.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-58.el4_8.i386.rpm
seamonkey-mail-1.0.9-58.el4_8.i386.rpm
x86_64:
seamonkey-1.0.9-58.el4_8.i386.rpm
seamonkey-1.0.9-58.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-58.el4_8.i386.rpm
seamonkey-chat-1.0.9-58.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-58.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-58.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-58.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-58.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-58.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-58.el4_8.i386.rpm
seamonkey-mail-1.0.9-58.el4_8.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|