Synopsis: Critical: seamonkey security update Issue date: 2011-04-28 CVE Names: CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0080) An arbitrary memory write flaw was found in the way SeaMonkey handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0078) An integer overflow flaw was found in the way SeaMonkey handled the HTML frameset tag. A web page with a frameset tag containing large values for the "rows" and "cols" attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0077) A flaw was found in the way SeaMonkey handled the HTML iframe tag. A web page with an iframe tag containing a specially-crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0075) A flaw was found in the way SeaMonkey displayed multiple marquee elements. A malformed HTML document could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0074) A flaw was found in the way SeaMonkey handled the nsTreeSelection element. Malformed content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0073) A use-after-free flaw was found in the way SeaMonkey appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0072) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. SL 4.x i386: seamonkey-1.0.9-70.el4_8.i386.rpm seamonkey-chat-1.0.9-70.el4_8.i386.rpm seamonkey-devel-1.0.9-70.el4_8.i386.rpm seamonkey-dom-inspector-1.0.9-70.el4_8.i386.rpm seamonkey-js-debugger-1.0.9-70.el4_8.i386.rpm seamonkey-mail-1.0.9-70.el4_8.i386.rpm x86_64: seamonkey-1.0.9-70.el4_8.i386.rpm seamonkey-1.0.9-70.el4_8.x86_64.rpm seamonkey-chat-1.0.9-70.el4_8.i386.rpm seamonkey-chat-1.0.9-70.el4_8.x86_64.rpm seamonkey-devel-1.0.9-70.el4_8.x86_64.rpm seamonkey-dom-inspector-1.0.9-70.el4_8.i386.rpm seamonkey-dom-inspector-1.0.9-70.el4_8.x86_64.rpm seamonkey-js-debugger-1.0.9-70.el4_8.i386.rpm seamonkey-js-debugger-1.0.9-70.el4_8.x86_64.rpm seamonkey-mail-1.0.9-70.el4_8.i386.rpm seamonkey-mail-1.0.9-70.el4_8.x86_64.rpm