Executive Summary
Summary | |
---|---|
Title | seamonkey security update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:1344 | First vendor Publication | 2011-09-28 |
Vendor | RedHat | Last vendor Modification | 2011-09-28 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated seamonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. (CVE-2011-2999) An integer underflow flaw was found in the way SeaMonkey handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2998) 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 741904 - CVE-2011-2999 Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38) 741924 - CVE-2011-2998 Mozilla: Integer underflow when using JavaScript RegExp (MFSA 2011-37) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-1344.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14012 | |||
Oval ID: | oval:org.mitre.oval:def:14012 | ||
Title: | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | ||
Description: | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2998 | Version: | 11 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14252 | |||
Oval ID: | oval:org.mitre.oval:def:14252 | ||
Title: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2999 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22014 | |||
Oval ID: | oval:org.mitre.oval:def:22014 | ||
Title: | RHSA-2011:1343: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1343-01 CESA-2011:1343 CVE-2011-2998 CVE-2011-2999 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22887 | |||
Oval ID: | oval:org.mitre.oval:def:22887 | ||
Title: | ELSA-2011:1343: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1343-01 CVE-2011-2998 CVE-2011-2999 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos4 x86_64 File : nvt/gb_CESA-2011_1343_thunderbird_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos5 x86_64 File : nvt/gb_CESA-2011_1343_thunderbird_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:1344 centos4 x86_64 File : nvt/gb_CESA-2011_1344_seamonkey_centos4_x86_64.nasl |
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:1342-01 File : nvt/gb_RHSA-2011_1342-01_thunderbird.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2313-1 (iceweasel) File : nvt/deb_2313_1.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2317-1 (icedove) File : nvt/deb_2317_1.nasl |
2011-10-16 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox59.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2312-1 (iceape) File : nvt/deb_2312_1.nasl |
2011-10-14 | Name : Mozilla Products Same Origin Policy Bypass Vulnerability (MAC OS X) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (MAC ... File : nvt/gb_mozilla_firefox_mem_corrpt_n_int_underflow_vuln_macosx.nasl |
2011-10-10 | Name : Ubuntu Update for mozvoikko USN-1222-2 File : nvt/gb_ubuntu_USN_1222_2.nasl |
2011-10-04 | Name : Mandriva Update for firefox MDVSA-2011:139 (firefox) File : nvt/gb_mandriva_MDVSA_2011_139.nasl |
2011-10-04 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:140 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_140.nasl |
2011-10-04 | Name : Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (Wind... File : nvt/gb_mozilla_firefox_mem_corrpt_n_int_underflow_vuln_win.nasl |
2011-10-04 | Name : Mozilla Products Same Origin Policy Bypass Vulnerability (Windows) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_win.nasl |
2011-09-30 | Name : CentOS Update for seamonkey CESA-2011:1344 centos4 i386 File : nvt/gb_CESA-2011_1344_seamonkey_centos4_i386.nasl |
2011-09-30 | Name : RedHat Update for firefox RHSA-2011:1341-01 File : nvt/gb_RHSA-2011_1341-01_firefox.nasl |
2011-09-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos5 i386 File : nvt/gb_CESA-2011_1343_thunderbird_centos5_i386.nasl |
2011-09-30 | Name : RedHat Update for thunderbird RHSA-2011:1343-01 File : nvt/gb_RHSA-2011_1343-01_thunderbird.nasl |
2011-09-30 | Name : RedHat Update for seamonkey RHSA-2011:1344-01 File : nvt/gb_RHSA-2011_1344-01_seamonkey.nasl |
2011-09-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos4 i386 File : nvt/gb_CESA-2011_1343_thunderbird_centos4_i386.nasl |
2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 i386 File : nvt/gb_CESA-2011_1341_firefox_centos5_i386.nasl |
2011-09-30 | Name : Ubuntu Update for firefox USN-1210-1 File : nvt/gb_ubuntu_USN_1210_1.nasl |
2011-09-30 | Name : Ubuntu Update for thunderbird USN-1213-1 File : nvt/gb_ubuntu_USN_1213_1.nasl |
2011-09-30 | Name : Ubuntu Update for firefox USN-1222-1 File : nvt/gb_ubuntu_USN_1222_1.nasl |
2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 i386 File : nvt/gb_CESA-2011_1341_firefox_centos4_i386.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75838 | Mozilla Multiple Product window.location Named Frame Creation Same Origin Pol... |
75837 | Mozilla Firefox Regular Expression Unspecified Underflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20120404_2.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-9.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-141.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7784.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111114.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111004.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7783.nasl - Type : ACT_GATHER_INFO |
2011-10-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2317.nasl - Type : ACT_GATHER_INFO |
2011-10-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1222-2.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-140.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_3_6_23.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-139.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2312.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2313.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1222-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1213-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1210-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3623.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1fade8a3e9e811e095804061862b8c22.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2011-08-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_60.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_23.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Windows host contains a mail client that may be affected by multip... File : mozilla_thunderbird_60.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:55:10 |
|