Executive Summary
Summary | |
---|---|
Title | seamonkey security update |
Informations | |||
---|---|---|---|
Name | RHSA-2012:0084 | First vendor Publication | 2012-02-01 |
Vendor | RedHat | Last vendor Modification | 2012-02-01 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated seamonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2012-0442) The same-origin policy in SeaMonkey treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information (such as a client's IP and user e-mail address, or httpOnly cookies) that may be included in HTTP proxy error replies, generated in response to invalid URLs using square brackets. (CVE-2011-3670) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 785085 - CVE-2012-0442 Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01) 785464 - CVE-2011-3670 Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-0084.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14678 | |||
Oval ID: | oval:org.mitre.oval:def:14678 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0442 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14814 | |||
Oval ID: | oval:org.mitre.oval:def:14814 | ||
Title: | Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3670 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15231 | |||
Oval ID: | oval:org.mitre.oval:def:15231 | ||
Title: | USN-1350-1 -- Thunderbird vulnerabilities | ||
Description: | thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1350-1 CVE-2012-0442 CVE-2011-3659 CVE-2012-0444 CVE-2012-0449 CVE-2011-3670 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15451 | |||
Oval ID: | oval:org.mitre.oval:def:15451 | ||
Title: | USN-1353-1 -- Xulrunnner vulnerabilities | ||
Description: | xulrunner-1.9.2: Mozilla Gecko runtime environment Several security issues were fixed in Xulrunner. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1353-1 CVE-2012-0442 CVE-2011-3659 CVE-2012-0444 CVE-2012-0449 CVE-2011-3670 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | Xulrunnner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21230 | |||
Oval ID: | oval:org.mitre.oval:def:21230 | ||
Title: | RHSA-2012:0085: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0085-01 CESA-2012:0085 CVE-2011-3670 CVE-2012-0442 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22851 | |||
Oval ID: | oval:org.mitre.oval:def:22851 | ||
Title: | ELSA-2012:0085: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0085-01 CVE-2011-3670 CVE-2012-0442 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities) File : nvt/deb_2406_1.nasl |
2012-08-03 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0234-1 (MozillaFirefox) File : nvt/gb_suse_2012_0234_1.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos4 File : nvt/gb_CESA-2012_0079_firefox_centos4.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos5 File : nvt/gb_CESA-2012_0079_firefox_centos5.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos6 File : nvt/gb_CESA-2012_0079_firefox_centos6.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0080 centos6 File : nvt/gb_CESA-2012_0080_thunderbird_centos6.nasl |
2012-07-30 | Name : CentOS Update for seamonkey CESA-2012:0084 centos4 File : nvt/gb_CESA-2012_0084_seamonkey_centos4.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0085 centos4 File : nvt/gb_CESA-2012_0085_thunderbird_centos4.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0085 centos5 File : nvt/gb_CESA-2012_0085_thunderbird_centos5.nasl |
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2012:0080-01 File : nvt/gb_RHSA-2012_0080-01_thunderbird.nasl |
2012-03-16 | Name : Ubuntu Update for thunderbird USN-1369-1 File : nvt/gb_ubuntu_USN_1369_1.nasl |
2012-02-13 | Name : Ubuntu Update for xulrunner-1.9.2 USN-1353-1 File : nvt/gb_ubuntu_USN_1353_1.nasl |
2012-02-13 | Name : Ubuntu Update for thunderbird USN-1350-1 File : nvt/gb_ubuntu_USN_1350_1.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2402-1 (iceape) File : nvt/deb_2402_1.nasl |
2012-02-12 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox63.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2400-1 (iceweasel) File : nvt/deb_2400_1.nasl |
2012-02-06 | Name : Mandriva Update for mozilla MDVSA-2012:013 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_013.nasl |
2012-02-06 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl |
2012-02-06 | Name : Ubuntu Update for firefox USN-1355-1 File : nvt/gb_ubuntu_USN_1355_1.nasl |
2012-02-06 | Name : Ubuntu Update for mozvoikko USN-1355-2 File : nvt/gb_ubuntu_USN_1355_2.nasl |
2012-02-06 | Name : Ubuntu Update for ubufox USN-1355-3 File : nvt/gb_ubuntu_USN_1355_3.nasl |
2012-02-03 | Name : Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vuln... File : nvt/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl |
2012-02-03 | Name : Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vuln... File : nvt/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl |
2012-02-03 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_feb12.nasl |
2012-02-03 | Name : RedHat Update for thunderbird RHSA-2012:0085-01 File : nvt/gb_RHSA-2012_0085-01_thunderbird.nasl |
2012-02-03 | Name : RedHat Update for seamonkey RHSA-2012:0084-01 File : nvt/gb_RHSA-2012_0084-01_seamonkey.nasl |
2012-02-01 | Name : RedHat Update for firefox RHSA-2012:0079-01 File : nvt/gb_RHSA-2012_0079-01_firefox.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20130313.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-120207.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-120201.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-120201.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-120201.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-83.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120131_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120131_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120201_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120201_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1369-1.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner192-120206.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2406.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1353-1.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1350-1.nasl - Type : ACT_GATHER_INFO |
2012-02-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7949.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1355-1.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1355-2.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-013.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1355-3.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-10-120202.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2402.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2400.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0a9e2b724cb711e1914614dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_3118.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_100.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_3626.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_100.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_3_1_18.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_10_0.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_3_6_26.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_10_0.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a web browser that is affected by several vu... File : seamonkey_27.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:55:33 |
|