LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Scientific Linux alert SL-seam-20110621 (seamonkey)



From:
    	      Troy Dawson <dawson@fnal.gov> 


To:
    	      "scientific-linux-errata@fnal.gov" <scientific-linux-errata@fnal.gov> 


Subject:
    	      Security ERRATA Critical: seamonkey on SL4.x i386/x86_64 


Date:
    	      Wed, 22 Jun 2011 11:37:24 -0500


Message-ID:
    	      <4E021A44.6010200@fnal.gov>


Archive-link:
    	      Article, Thread
              


Synopsis:    Critical: seamonkey security update
Issue Date:  2011-06-21
CVE Numbers: CVE-2011-2364
              CVE-2011-2373
              CVE-2011-2371
              CVE-2011-0083
              CVE-2011-2362
              CVE-2011-2377


SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled malformed JPEG images. A
website containing a malicious JPEG image could cause SeaMonkey to crash
or, potentially, execute arbitrary code with the privileges of the user
running SeaMonkey. (CVE-2011-2377)

Multiple dangling pointer flaws were found in SeaMonkey. A web page
containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user 
running SeaMonkey. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed web content. A 
web page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user 
running SeaMonkey. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, 
CVE-2011-2375, CVE-2011-2376)

An integer overflow flaw was found in the way SeaMonkey handled 
JavaScript Array objects. A website containing malicious JavaScript 
could cause SeaMonkey to execute that JavaScript with the privileges of 
the user running SeaMonkey. (CVE-2011-2371)

A use-after-free flaw was found in the way SeaMonkey handled malformed
JavaScript. A website containing malicious JavaScript could cause 
SeaMonkey to execute that JavaScript with the privileges of the user 
running SeaMonkey. (CVE-2011-2373)

It was found that SeaMonkey could treat two separate cookies as
interchangeable if both were for the same domain name but one of those
domain names had a trailing "." character. This violates the same-origin
policy and could possibly lead to data being leaked to the wrong domain.
(CVE-2011-2362)

All SeaMonkey users should upgrade to these updated packages, which 
correct these issues. After installing the update, SeaMonkey must be 
restarted for the changes to take effect.

SL4:
   i386
      seamonkey-1.0.9-71.el4.i386.rpm
      seamonkey-mail-1.0.9-71.el4.i386.rpm
      seamonkey-js-debugger-1.0.9-71.el4.i386.rpm
      seamonkey-dom-inspector-1.0.9-71.el4.i386.rpm
      seamonkey-devel-1.0.9-71.el4.i386.rpm
      seamonkey-chat-1.0.9-71.el4.i386.rpm
   x86_64
      seamonkey-js-debugger-1.0.9-71.el4.x86_64.rpm
      seamonkey-dom-inspector-1.0.9-71.el4.x86_64.rpm
      seamonkey-devel-1.0.9-71.el4.x86_64.rpm
      seamonkey-chat-1.0.9-71.el4.x86_64.rpm
      seamonkey-1.0.9-71.el4.x86_64.rpm
      seamonkey-mail-1.0.9-71.el4.x86_64.rpm

- Scientific Linux Development Team
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds