Synopsis:    Critical: seamonkey security update
Issue date:  2007-05-30
CVE Names:   CVE-2007-1362 CVE-2007-1562 CVE-2007-1558 CVE-2007-2867
             CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871

Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way SeaMonkey handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent SeaMonkey from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way SeaMonkey processed certain APOP authentication requests. By sending certain responses when SeaMonkey attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)

A flaw was found in the way SeaMonkey handled the addEventListener JavaScript method. A malicious web site could use this method to access or modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)

SL 3.0.x

   SRPMS:
seamonkey-1.0.9-0.1.SL3.src.rpm
   i386:
seamonkey-1.0.9-0.1.SL3.i386.rpm
seamonkey-chat-1.0.9-0.1.SL3.i386.rpm
seamonkey-devel-1.0.9-0.1.SL3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.1.SL3.i386.rpm
seamonkey-js-debugger-1.0.9-0.1.SL3.i386.rpm
seamonkey-mail-1.0.9-0.1.SL3.i386.rpm
seamonkey-nspr-1.0.9-0.1.SL3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.1.SL3.i386.rpm
seamonkey-nss-1.0.9-0.1.SL3.i386.rpm
seamonkey-nss-devel-1.0.9-0.1.SL3.i386.rpm
   x86_64:
seamonkey-1.0.9-0.1.SL3.i386.rpm
seamonkey-1.0.9-0.1.SL3.x86_64.rpm
seamonkey-chat-1.0.9-0.1.SL3.i386.rpm
seamonkey-chat-1.0.9-0.1.SL3.x86_64.rpm
seamonkey-devel-1.0.9-0.1.SL3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.1.SL3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.1.SL3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.1.SL3.i386.rpm
seamonkey-js-debugger-1.0.9-0.1.SL3.x86_64.rpm
seamonkey-mail-1.0.9-0.1.SL3.i386.rpm
seamonkey-mail-1.0.9-0.1.SL3.x86_64.rpm
seamonkey-nspr-1.0.9-0.1.SL3.i386.rpm
seamonkey-nspr-1.0.9-0.1.SL3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.1.SL3.x86_64.rpm
seamonkey-nss-1.0.9-0.1.SL3.i386.rpm
seamonkey-nss-1.0.9-0.1.SL3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.1.SL3.x86_64.rpm

SL 4.x

   SRPMS:
devhelp-0.10-0.8.el4.src.rpm
seamonkey-1.0.9-2.el4.src.rpm
   i386:
devhelp-0.10-0.8.el4.i386.rpm
devhelp-devel-0.10-0.8.el4.i386.rpm
seamonkey-1.0.9-2.el4.i386.rpm
seamonkey-chat-1.0.9-2.el4.i386.rpm
seamonkey-devel-1.0.9-2.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-2.el4.i386.rpm
seamonkey-js-debugger-1.0.9-2.el4.i386.rpm
seamonkey-mail-1.0.9-2.el4.i386.rpm
seamonkey-nspr-1.0.9-2.el4.i386.rpm
seamonkey-nspr-devel-1.0.9-2.el4.i386.rpm
seamonkey-nss-1.0.9-2.el4.i386.rpm
seamonkey-nss-devel-1.0.9-2.el4.i386.rpm
   x86_64:
devhelp-0.10-0.8.el4.x86_64.rpm
devhelp-devel-0.10-0.8.el4.x86_64.rpm
seamonkey-1.0.9-2.el4.i386.rpm
seamonkey-1.0.9-2.el4.x86_64.rpm
seamonkey-chat-1.0.9-2.el4.i386.rpm
seamonkey-chat-1.0.9-2.el4.x86_64.rpm
seamonkey-devel-1.0.9-2.el4.x86_64.rpm
seamonkey-dom-inspector-1.0.9-2.el4.i386.rpm
seamonkey-dom-inspector-1.0.9-2.el4.x86_64.rpm
seamonkey-js-debugger-1.0.9-2.el4.i386.rpm
seamonkey-js-debugger-1.0.9-2.el4.x86_64.rpm
seamonkey-mail-1.0.9-2.el4.i386.rpm
seamonkey-mail-1.0.9-2.el4.x86_64.rpm
seamonkey-nspr-1.0.9-2.el4.i386.rpm
seamonkey-nspr-1.0.9-2.el4.x86_64.rpm
seamonkey-nspr-devel-1.0.9-2.el4.x86_64.rpm
seamonkey-nss-1.0.9-2.el4.i386.rpm
seamonkey-nss-1.0.9-2.el4.x86_64.rpm
seamonkey-nss-devel-1.0.9-2.el4.x86_64.rpm

-Connie Sieh
-Troy Dawson
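
Added example, not part of the advisory: a Python check that flags installed seamonkey and devhelp packages older than the fixed builds listed above. It assumes input lines in the form printed by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`; the sample lines are constructed, and `rpmvercmp` here is a simplified re-implementation of RPM's segment comparison (no epoch, `~` or `^` handling), not RPM's own code.

```python
import re

# Fixed version and release per distribution, taken from the package lists above.
# Subpackages (seamonkey-mail, devhelp-devel, ...) share their source package's build.
FIXED = {
    "SL3": {"seamonkey": ("1.0.9", "0.1.SL3")},
    "SL4": {"seamonkey": ("1.0.9", "2.el4"), "devhelp": ("0.10", "0.8.el4")},
}

def rpmvercmp(a, b):
    """Simplified RPM comparison: -1 if a is older than b, 0 if equal, 1 if newer."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers by value, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments are newer

def outdated(distro, rpm_lines):
    """Return names of installed packages older than the fixed build for distro."""
    stale = []
    for line in rpm_lines:
        name, version, release = line.split()
        for src, (fixed_ver, fixed_rel) in FIXED[distro].items():
            if name == src or name.startswith(src + "-"):
                # Release only decides the order when the versions are equal.
                order = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
                if order < 0:
                    stale.append(name)
    return stale

# Constructed sample of "NAME VERSION RELEASE" lines for an SL 4.x host.
SAMPLE_SL4 = [
    "seamonkey 1.0.8 0.2.el4",
    "seamonkey-mail 1.0.9 2.el4",
    "seamonkey-nss 1.0.9 1.el4",
    "devhelp 0.10 0.8.el4",
    "devhelp-devel 0.10 0.7.el4",
    "bash 3.0 19.3",
]

if __name__ == "__main__":
    for pkg in outdated("SL4", SAMPLE_SL4):
        print("needs update:", pkg)
```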