Executive Summary
Summary | |
---|---|
Title | seamonkey security update |
Informations | |||
---|---|---|---|
Name | RHSA-2006:0759 | First vendor Publication | 2006-12-19 |
Vendor | RedHat | Last vendor Modification | 2006-12-19 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey. (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504) Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-6497) A heap based buffer overflow flaw was found in the way SeaMonkey Mail parses the Content-Type mail header. A malicious mail message could cause the SeaMonkey Mail client to crash or possibly execute arbitrary code as the user running SeaMonkey Mail. (CVE-2006-6505) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.7 that corrects these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 219684 - CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2006-0759.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-254 | Security Features |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : Solaris Update for Mozilla 1.7 119115-35 File : nvt/gb_solaris_119115_35.nasl |
2009-10-13 | Name : Solaris Update for Mozilla 1.7_x86 119116-35 File : nvt/gb_solaris_119116_35.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:010 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_010.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:011 (mozilla-thunderbird) File : nvt/gb_mandriva_MDKSA_2007_011.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-398-1 File : nvt/gb_ubuntu_USN_398_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-398-2 File : nvt/gb_ubuntu_USN_398_2.nasl |
2009-03-23 | Name : Ubuntu Update for firefox regression USN-398-4 File : nvt/gb_ubuntu_USN_398_4.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird vulnerabilities USN-400-1 File : nvt/gb_ubuntu_USN_400_1.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2006-004 File : nvt/gb_fedora_2006_004_thunderbird_fc5.nasl |
2009-01-28 | Name : SuSE Update for mozilla SUSE-SA:2007:006 File : nvt/gb_suse_2007_006.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-02 (mozilla-firefox) File : nvt/glsa_200701_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-03 (mozilla-thunderbird) File : nvt/glsa_200701_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-04 (seamonkey) File : nvt/glsa_200701_04.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1253-1 (mozilla-firefox) File : nvt/deb_1253_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1258-1 (mozilla-firefox) File : nvt/deb_1258_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1265-1 (mozilla) File : nvt/deb_1265_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31350 | Mozilla Multiple Products rfc2047-encoded Header Handling Overflow |
31349 | Mozilla Multiple Products Content-Type Header Processing Overflow |
31348 | Mozilla Multiple Products Layout Engine Memory Corruption |
31347 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
31344 | Mozilla Multiple Products JavaScript watch() Function Privilege Escalation |
31343 | Mozilla Multiple Products LiveConnect JS Object Finalization DoS |
31342 | Mozilla Multiple Products img.src javascript: URI XSS |
31341 | Mozilla Multiple Products SVG Processing Remote Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt RuleID : 20667 - Revision : 9 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt RuleID : 20666 - Revision : 6 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla products frame comment objects manipulation memory corruption attempt RuleID : 18296 - Revision : 5 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla products frame comment objects manipulation memory corruption attempt RuleID : 15999 - Revision : 9 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0760.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0759.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0758.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-2423.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-400-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-398-4.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-398-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-398-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-2418.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-2421.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-2432.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1265.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris9_120671.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris8_120671.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-010.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-011.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1258.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1253.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-004.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1491.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2006-1492.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1499.nasl - Type : ACT_GATHER_INFO |
2007-01-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-04.nasl - Type : ACT_GATHER_INFO |
2007-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-03.nasl - Type : ACT_GATHER_INFO |
2007-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-02.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0758.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0760.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0759.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0760.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0759.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0758.nasl - Type : ACT_GATHER_INFO |
2006-12-20 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_107.nasl - Type : ACT_GATHER_INFO |
2006-12-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_1509.nasl - Type : ACT_GATHER_INFO |
2006-12-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1509.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:50:20 |
|