Executive Summary
Summary | |
---|---|
Title | seamonkey security update |
Information | |||
---|---|---|---|
Name | RHSA-2009:0257 | First vendor Publication | 2009-02-04 |
Vendor | RedHat | Last vendor Modification | 2009-02-04 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated seamonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0352, CVE-2009-0353)

A flaw was found in the way malformed content was processed. A website containing specially-crafted content could, potentially, trick a SeaMonkey user into uploading a local file. (CVE-2009-0355)

A flaw was found in the way SeaMonkey treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357)

All SeaMonkey users should upgrade to these updated packages, which contain backported patches that correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

483139 - CVE-2009-0352 Firefox layout crashes with evidence of memory corruption
483141 - CVE-2009-0353 Firefox javascript crashes with evidence of memory corruption
483143 - CVE-2009-0355 Firefox local file stealing with SessionStore
483145 - CVE-2009-0357 Firefox XMLHttpRequest allows reading HTTPOnly cookies
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-0257.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13873 | |||
Oval ID: | oval:org.mitre.oval:def:13873 | ||
Title: | USN-717-2 -- firefox-3.0 vulnerabilities | ||
Description: | A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user's system. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information | ||
Family: | unix | Class: | patch |
Reference(s): | USN-717-2 CVE-2009-0355 CVE-2009-0357 | Version: | 5 |
Platform(s): | Ubuntu 7.10 | Product(s): | firefox-3.0 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:0258 centos5 i386 File : nvt/gb_CESA-2009_0258_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:0258 centos4 i386 File : nvt/gb_CESA-2009_0258_thunderbird_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0257 centos4 i386 File : nvt/gb_CESA-2009_0257_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0257 centos3 i386 File : nvt/gb_CESA-2009_0257_seamonkey_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0257-01 centos2 i386 File : nvt/gb_CESA-2009_0257-01_seamonkey_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0256 centos5 i386 File : nvt/gb_CESA-2009_0256_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0256 centos4 i386 File : nvt/gb_CESA-2009_0256_firefox_centos4_i386.nasl |
2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox3.nasl |
2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
2009-07-29 | Name : Debian Security Advisory DSA 1830-1 (icedove) File : nvt/deb_1830_1.nasl |
2009-06-05 | Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl |
2009-05-20 | Name : CentOS Security Advisory CESA-2009:0258 (thunderbird) File : nvt/ovcesa2009_0258.nasl |
2009-04-20 | Name : SuSE Security Advisory SUSE-SA:2009:023 (MozillaFirefox) File : nvt/suse_sa_2009_023.nasl |
2009-04-06 | Name : Fedora Core 9 FEDORA-2009-3101 (seamonkey) File : nvt/fcore_2009_3101.nasl |
2009-04-06 | Name : Fedora Core 10 FEDORA-2009-3161 (seamonkey) File : nvt/fcore_2009_3161.nasl |
2009-04-06 | Name : Mandrake Security Advisory MDVSA-2009:083 (mozilla-thunderbird) File : nvt/mdksa_2009_083.nasl |
2009-03-31 | Name : Ubuntu USN-741-1 (thunderbird) File : nvt/ubuntu_741_1.nasl |
2009-03-31 | Name : Fedora Core 9 FEDORA-2009-2884 (thunderbird) File : nvt/fcore_2009_2884.nasl |
2009-03-31 | Name : Ubuntu USN-742-1 (jasper) File : nvt/ubuntu_742_1.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0258 File : nvt/RHSA_2009_0258.nasl |
2009-03-31 | Name : Fedora Core 10 FEDORA-2009-2882 (thunderbird) File : nvt/fcore_2009_2882.nasl |
2009-02-23 | Name : Mandrake Security Advisory MDVSA-2009:044 (firefox) File : nvt/mdksa_2009_044.nasl |
2009-02-20 | Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_feb09_win.nasl |
2009-02-20 | Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_feb09_win.nasl |
2009-02-20 | Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_feb09_lin.nasl |
2009-02-20 | Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_feb09_lin.nasl |
2009-02-20 | Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Win) File : nvt/secpod_firefox_mult_vuln_feb09_win.nasl |
2009-02-20 | Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Linux) File : nvt/secpod_firefox_mult_vuln_feb09_lin.nasl |
2009-02-18 | Name : SuSE Security Advisory SUSE-SA:2009:009 (MozillaFirefox) File : nvt/suse_sa_2009_009.nasl |
2009-02-13 | Name : Fedora Core 9 FEDORA-2009-1399 (xulrunner) File : nvt/fcore_2009_1399.nasl |
2009-02-13 | Name : Fedora Core 10 FEDORA-2009-1398 (xulrunner) File : nvt/fcore_2009_1398.nasl |
2009-02-13 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox37.nasl |
2009-02-13 | Name : Ubuntu USN-717-1 (xulrunner-1.9) File : nvt/ubuntu_717_1.nasl |
2009-02-13 | Name : Ubuntu USN-717-2 (firefox-3.0) File : nvt/ubuntu_717_2.nasl |
2009-02-13 | Name : Ubuntu USN-717-3 (firefox) File : nvt/ubuntu_717_3.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0256 (firefox) File : nvt/ovcesa2009_0256.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0257-01 (seamonkey) File : nvt/ovcesa2009_0257_01.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0257 (seamonkey) File : nvt/ovcesa2009_0257.nasl |
2009-02-10 | Name : RedHat Security Advisory RHSA-2009:0256 File : nvt/RHSA_2009_0256.nasl |
2009-02-10 | Name : RedHat Security Advisory RHSA-2009:0257 File : nvt/RHSA_2009_0257.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-083-03 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_083_03.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-083-02 seamonkey File : nvt/esoft_slk_ssa_2009_083_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51940 | Mozilla Multiple Products Layout Engine nsStyleContext::Destroy Multiple Meth... |
51939 | Mozilla Multiple Products Layout Engine nsOverflowContinuationTracker::Insert... |
51938 | Mozilla Multiple Products Layout Engine nsContainerFrame::ReflowOverflowConta... |
51937 | Mozilla Multiple Products Layout Engine nsViewManager::Composite() Layout Obj... |
51936 | Mozilla Multiple Products Layout Engine nsTransactionItem.cpp PlaceholderTxn:... |
51935 | Mozilla Multiple Products Layout Engine nsAttributeTextNode GetStrokeDash* Me... |
51934 | Mozilla Multiple Products Layout Engine nsStyleContext::Release Memory Corrup... |
51933 | Mozilla Multiple Products Layout Engine nsContainerFrame.cpp Frame Tree Handl... |
51932 | Mozilla Multiple Products Layout Engine nsContentUtils::ComparePosition Memor... |
51931 | Mozilla Multiple Products Layout Engine File Open Dialog input type Manipulat... |
51930 | Mozilla Firefox components/sessionstore/src/nsSessionStore.js file INPUT Elem... |
51929 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
51926 | Mozilla Multiple Products XMLHttpRequest Call Set-Cookie Response Header Rest... Firefox and SeaMonkey contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when cookies marked HTTPOnly are readable by JavaScript, which will disclose contents of the 'Set-Cookie' response header resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0256.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0257.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0258.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-717-3.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-717-2.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090324_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090204_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090204_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6187.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-717-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-741-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-1398.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2882.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-083.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-044.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3161.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6194.nasl - Type : ACT_GATHER_INFO |
2009-03-31 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3101.nasl - Type : ACT_GATHER_INFO |
2009-03-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-02.nasl - Type : ACT_GATHER_INFO |
2009-03-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-03.nasl - Type : ACT_GATHER_INFO |
2009-03-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO |
2009-03-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2884.nasl - Type : ACT_GATHER_INFO |
2009-03-20 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1115.nasl - Type : ACT_GATHER_INFO |
2009-03-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20021.nasl - Type : ACT_GATHER_INFO |
2009-02-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8b491182f84211dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-02-06 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-1399.nasl - Type : ACT_GATHER_INFO |
2009-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO |
2009-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO |
2009-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO |
2009-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO |
2009-02-04 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_306.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:52:14 |