Executive Summary
Summary | |
---|---|
Title | seamonkey security update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:1167 | First vendor Publication | 2011-08-16 |
Vendor | RedHat | Last vendor Modification | 2011-08-16 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2982) A flaw was found in the way SeaMonkey handled malformed JavaScript. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2983) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 730518 - CVE-2011-2982 Mozilla: Miscellaneous memory safety hazards 730523 - CVE-2011-2983 Mozilla: Private data leakage using RegExp.input |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-1167.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14272 | |||
Oval ID: | oval:org.mitre.oval:def:14272 | ||
Title: | Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | ||
Description: | Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2983 | Version: | 20 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14294 | |||
Oval ID: | oval:org.mitre.oval:def:14294 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2982 | Version: | 20 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15242 | |||
Oval ID: | oval:org.mitre.oval:def:15242 | ||
Title: | USN-1184-1 -- Firefox and Xulrunner vulnerabilities | ||
Description: | firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment Multiple vulnerabilities have been fixed in Firefox and Xulrunner. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1184-1 CVE-2011-2982 CVE-2011-2981 CVE-2011-0084 CVE-2011-2984 CVE-2011-2378 CVE-2011-2983 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15385 | |||
Oval ID: | oval:org.mitre.oval:def:15385 | ||
Title: | USN-1185-1 -- Thunderbird vulnerabilities | ||
Description: | thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities have been fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1185-1 CVE-2011-2982 CVE-2011-2981 CVE-2011-0084 CVE-2011-2984 CVE-2011-2378 CVE-2011-2983 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21724 | |||
Oval ID: | oval:org.mitre.oval:def:21724 | ||
Title: | RHSA-2011:1165: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1165-01 CESA-2011:1165 CVE-2011-2982 CVE-2011-2983 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22128 | |||
Oval ID: | oval:org.mitre.oval:def:22128 | ||
Title: | RHSA-2011:1166: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1166-01 CVE-2011-0084 CVE-2011-2378 CVE-2011-2982 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23363 | |||
Oval ID: | oval:org.mitre.oval:def:23363 | ||
Title: | ELSA-2011:1165: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1165-01 CVE-2011-2982 CVE-2011-2983 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23743 | |||
Oval ID: | oval:org.mitre.oval:def:23743 | ||
Title: | ELSA-2011:1166: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1166-01 CVE-2011-0084 CVE-2011-2378 CVE-2011-2982 | Version: | 17 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28033 | |||
Oval ID: | oval:org.mitre.oval:def:28033 | ||
Title: | DEPRECATED: ELSA-2011-1166 -- thunderbird security update (critical) | ||
Description: | [3.1.12-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.12-1] - Update to 3.1.12 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1166 CVE-2011-0084 CVE-2011-2378 CVE-2011-2982 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:1167 centos4 x86_64 File : nvt/gb_CESA-2011_1167_seamonkey_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1165 centos5 x86_64 File : nvt/gb_CESA-2011_1165_thunderbird_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1164 centos4 x86_64 File : nvt/gb_CESA-2011_1164_firefox_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1164 centos5 x86_64 File : nvt/gb_CESA-2011_1164_firefox_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for xulrunner CESA-2011:1164 centos5 x86_64 File : nvt/gb_CESA-2011_1164_xulrunner_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1165 centos4 x86_64 File : nvt/gb_CESA-2011_1165_thunderbird_centos4_x86_64.nasl |
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:1166-01 File : nvt/gb_RHSA-2011_1166-01_thunderbird.nasl |
2011-09-23 | Name : CentOS Update for thunderbird CESA-2011:1165 centos5 i386 File : nvt/gb_CESA-2011_1165_thunderbird_centos5_i386.nasl |
2011-09-23 | Name : CentOS Update for firefox CESA-2011:1164 centos5 i386 File : nvt/gb_CESA-2011_1164_firefox_centos5_i386.nasl |
2011-09-23 | Name : CentOS Update for xulrunner CESA-2011:1164 centos5 i386 File : nvt/gb_CESA-2011_1164_xulrunner_centos5_i386.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2296-1 (iceweasel) File : nvt/deb_2296_1.nasl |
2011-09-21 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox58.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2297-1 (icedove) File : nvt/deb_2297_1.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2295-1 (iceape) File : nvt/deb_2295_1.nasl |
2011-09-09 | Name : Mozilla Products Multiple Vulnerabilities - Sep 11 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_sep11_win01.nasl |
2011-09-07 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2011:037 File : nvt/gb_suse_2011_037.nasl |
2011-08-27 | Name : Ubuntu Update for thunderbird USN-1185-1 File : nvt/gb_ubuntu_USN_1185_1.nasl |
2011-08-24 | Name : Ubuntu Update for firefox USN-1184-1 File : nvt/gb_ubuntu_USN_1184_1.nasl |
2011-08-19 | Name : CentOS Update for thunderbird CESA-2011:1165 centos4 i386 File : nvt/gb_CESA-2011_1165_thunderbird_centos4_i386.nasl |
2011-08-19 | Name : CentOS Update for firefox CESA-2011:1164 centos4 i386 File : nvt/gb_CESA-2011_1164_firefox_centos4_i386.nasl |
2011-08-19 | Name : CentOS Update for seamonkey CESA-2011:1167 centos4 i386 File : nvt/gb_CESA-2011_1167_seamonkey_centos4_i386.nasl |
2011-08-19 | Name : RedHat Update for firefox RHSA-2011:1164-01 File : nvt/gb_RHSA-2011_1164-01_firefox.nasl |
2011-08-19 | Name : RedHat Update for thunderbird RHSA-2011:1165-01 File : nvt/gb_RHSA-2011_1165-01_thunderbird.nasl |
2011-08-19 | Name : RedHat Update for seamonkey RHSA-2011:1167-01 File : nvt/gb_RHSA-2011_1167-01_seamonkey.nasl |
2011-08-19 | Name : Mandriva Update for mozilla MDVSA-2011:127 (mozilla) File : nvt/gb_mandriva_MDVSA_2011_127.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74586 | Mozilla Multiple Products RegExp.input Property Same Origin Policy Bypass Inf... |
74585 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2982) Multiple memory corruption flaws exist in multiple Mozilla products. The programs fail to sanitize unspecified user-supplied input, resulting in memory corruption. This may allow a context-dependent attacker to execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox Javascript arbitrary memory reading attempt RuleID : 25292 - Revision : 3 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Javascript arbitrary memory reading attempt RuleID : 25291 - Revision : 3 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Javascript arbitrary memory reading attempt RuleID : 25290 - Revision : 3 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Javascript arbitrary memory reading attempt RuleID : 25289 - Revision : 3 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox iframe and xul element reload crash attempt RuleID : 25228 - Revision : 7 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox iframe and xul element reload crash attempt RuleID : 25227 - Revision : 6 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110817.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110826.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110826.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110817.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1165.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1167.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1166.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1164.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110816_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110816_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110816_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110816_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7713.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7712.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-110824.nasl - Type : ACT_GATHER_INFO |
2011-08-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1185-1.nasl - Type : ACT_GATHER_INFO |
2011-08-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2297.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1184-1.nasl - Type : ACT_GATHER_INFO |
2011-08-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-127.nasl - Type : ACT_GATHER_INFO |
2011-08-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3620.nasl - Type : ACT_GATHER_INFO |
2011-08-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2296.nasl - Type : ACT_GATHER_INFO |
2011-08-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2295.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1165.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1167.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1166.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1164.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1164.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Windows host contains a mail client may be affected by multiple vu... File : mozilla_thunderbird_3112.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_834591a9c82f11e0897d6c626dd55a41.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1167.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1165.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:55:01 |
|