Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0608
HistoryAug 04, 2006 - 8:56 p.m.

seamonkey security update

2006-08-0420:56:41
CentOS Project
lists.centos.org
50

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON

CentOS Errata and Security Advisory CESA-2006:0608

SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of “chrome”, allowing the page to steal
sensitive information or install browser malware. (CVE-2006-3807,
CVE-2006-3809, CVE-2006-3812)

Several denial of service flaws were found in the way SeaMonkey processed
certain web content. A malicious web page could crash the browser or
possibly execute arbitrary code as the user running SeaMonkey.
(CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805,
CVE-2006-3806, CVE-2006-3811)

A buffer overflow flaw was found in the way SeaMonkey Messenger displayed
malformed inline vcard attachments. If a victim viewed an email message
containing a carefully crafted vcard, it was possible to execute arbitrary
code as the user running SeaMonkey Messenger. (CVE-2006-3804)

Several flaws were found in the way SeaMonkey processed certain javascript
actions. A malicious web page could conduct a cross-site scripting attack
or steal sensitive information (such as cookies owned by other domains).
(CVE-2006-3802, CVE-2006-3810)

A flaw was found in the way SeaMonkey processed Proxy AutoConfig scripts. A
malicious Proxy AutoConfig server could execute arbitrary javascript
instructions with the permissions of “chrome”, allowing the page to steal
sensitive information or install browser malware. (CVE-2006-3808)

Users of SeaMonkey are advised to upgrade to this update, which contains
SeaMonkey version 1.0.3 that corrects these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-August/075277.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075284.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075285.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075286.html

Affected packages:
seamonkey
seamonkey-chat
seamonkey-devel
seamonkey-dom-inspector
seamonkey-js-debugger
seamonkey-mail
seamonkey-nspr
seamonkey-nspr-devel
seamonkey-nss
seamonkey-nss-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0608

OSVersionArchitecturePackageVersionFilename
CentOS3ia64seamonkey< 1.0.3-0.el3.1.centos3seamonkey-1.0.3-0.el3.1.centos3.ia64.rpm
CentOS3ia64seamonkey-chat< 1.0.3-0.el3.1.centos3seamonkey-chat-1.0.3-0.el3.1.centos3.ia64.rpm
CentOS3ia64seamonkey-devel< 1.0.3-0.el3.1.centos3seamonkey-devel-1.0.3-0.el3.1.centos3.ia64.rpm
CentOS3ia64seamonkey-dom-inspector< 1.0.3-0.el3.1.centos3seamonkey-dom-inspector-1.0.3-0.el3.1.centos3.ia64.rpm
CentOS3ia64seamonkey-js-debugger< 1.0.3-0.el3.1.centos3seamonkey-js-debugger-1.0.3-0.el3.1.centos3.ia64.rpm
CentOS3ia64seamonkey-mail< 1.0.3-0.el3.1.centos3seamonkey-mail-1.0.3-0.el3.1.centos3.ia64.rpm
CentOS3ia64seamonkey-nspr< 1.0.3-0.el3.1.centos3seamonkey-nspr-1.0.3-0.el3.1.centos3.ia64.rpm
CentOS3ia64seamonkey-nspr-devel< 1.0.3-0.el3.1.centos3seamonkey-nspr-devel-1.0.3-0.el3.1.centos3.ia64.rpm
CentOS3ia64seamonkey-nss< 1.0.3-0.el3.1.centos3seamonkey-nss-1.0.3-0.el3.1.centos3.ia64.rpm
CentOS3ia64seamonkey-nss-devel< 1.0.3-0.el3.1.centos3seamonkey-nss-devel-1.0.3-0.el3.1.centos3.ia64.rpm
Rows per page:
1-10 of 531

Related

nessus 35
suse 1
redhat 5
openvas 26
ubuntu 4
gentoo 3
freebsd 1
securityvulns 4
debian 6
osv 3
centos 4
oraclelinux 2
mozilla 13
ubuntucve 14
checkpoint_advisories 6
cve 16
cert 11
debiancve 14
saint 4
seebug 3
exploitpack 1
packetstorm 1
zdi 1
exploitdb 1
prion 2
nessus
nessus
GLSA-200608-02 : Mozilla SeaMonkey: Multiple vulnerabilities
2006-08-04 00:00:00
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-1981)
2007-10-17 00:00:00
SuSE 10 Security Update : Firefox (ZYPP Patch Number 1960)
2007-12-13 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2006-08-16 15:11:18
redhat
redhat
(RHSA-2006:0608) seamonkey security update
2006-07-27 00:00:00
(RHSA-2006:0594) seamonkey security update (was mozilla)
2006-08-28 00:00:00
(RHSA-2006:0609) seamonkey security update
2006-08-02 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200608-02 (SeaMonkey)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200608-02 (SeaMonkey)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200608-03 (Firefox)
2008-09-24 00:00:00
ubuntu
ubuntu
firefox vulnerabilities
2006-07-28 00:00:00
Thunderbird vulnerabilities
2006-07-29 00:00:00
Thunderbird vulnerabilities
2006-09-22 00:00:00
gentoo
gentoo
Mozilla SeaMonkey: Multiple vulnerabilities
2006-08-03 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2006-08-03 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-08-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-07-25 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-208A -- Mozilla Products Contain Multiple Vulnerabilities
2006-07-28 00:00:00
[Full-disclosure] Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption
2006-07-27 00:00:00
[Full-disclosure] ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability
2006-07-27 00:00:00
debian
debian
[SECURITY] [DSA 1161-1] New Mozilla Firefox packages fix several vulnerabilities
2006-08-29 17:17:51
[SECURITY] [DSA 1161-2] New Mozilla Firefox packages fix several vulnerabilities
2006-09-13 11:03:17
[SECURITY] [DSA 1160-2] New Mozilla packages fix several vulnerabilities
2006-09-15 04:42:07
osv
osv
mozilla-firefox - several vulnerabilities
2006-08-29 00:00:00
mozilla-thunderbird - several
2006-08-28 00:00:00
mozilla - several
2006-08-29 00:00:00
centos
centos
seamonkey security update
2006-09-05 00:01:38
devhelp, seamonkey security update
2006-08-05 15:16:05
thunderbird security update
2006-07-29 11:51:27
oraclelinux
oraclelinux
Critical thunderbird security update
2006-12-07 00:00:00
Critical firefox security update
2006-12-07 00:00:00
mozilla
mozilla
JavaScript engine vulnerabilities — Mozilla
2006-07-25 00:00:00
Code execution through deleted frame reference — Mozilla
2006-07-25 00:00:00
XSS with XPCNativeWrapper(window).Function(...) — Mozilla
2006-07-25 00:00:00
ubuntucve
ubuntucve
CVE-2006-3801
2006-07-27 00:00:00
CVE-2006-3803
2006-07-27 00:00:00
CVE-2006-3808
2006-07-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox New Function Garbage Collection Code Execution - Ver2 (CVE-2006-3803)
2014-01-07 00:00:00
Mozilla Firefox Javascript Deleted Frame Reference Code Execution - Ver2 (CVE-2006-3801)
2014-03-03 00:00:00
Mozilla Firefox Javascript Engine Code Execution - Ver2 (CVE-2006-3806)
2014-12-28 00:00:00
cve
cve
CVE-2006-3803
2006-07-27 19:04:00
CVE-2006-3809
2006-07-27 20:04:00
CVE-2006-3808
2006-07-27 20:04:00
cert
cert
Mozilla products contain a race condition
2006-07-27 00:00:00
Mozilla products VCard attachment buffer overflow
2006-07-27 00:00:00
Mozilla products fail to properly handle frame references
2006-07-27 00:00:00
debiancve
debiancve
CVE-2006-3804
2006-07-27 19:04:00
CVE-2006-3801
2006-07-27 20:04:00
CVE-2006-3806
2006-07-27 19:04:00
saint
saint
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
seebug
seebug
Mozilla Firefox &lt;= 1.5.0.4 Javascript Navigator Object Code Execution PoC
2006-07-28 00:00:00
Mozilla Firefox Javascript Navigator Object Remote Code Execution Vulnerability
2006-10-24 00:00:00
Mozilla Firefox <= 1.5.0.4 - Javascript Navigator Object Code Execution PoC
2014-07-01 00:00:00
exploitpack
exploitpack
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution
2006-07-28 00:00:00
packetstorm
packetstorm
Mozilla Suite/Firefox Navigator Object Code Execution
2009-10-27 00:00:00
zdi
zdi
Mozilla Firefox Javascript navigator Object Vulnerability
2006-07-26 00:00:00
exploitdb
exploitdb
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution
2006-07-28 00:00:00
prion
prion
Design/Logic Flaw
2007-04-02 22:19:00
Design/Logic Flaw
2008-02-12 21:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

99.9%

JSON
Related for CESA-2006:0608
nessus35suse1redhat5openvas26ubuntu4gentoo3freebsd1securityvulns4debian6osv3centos4oraclelinux2mozilla13ubuntucve14checkpoint_advisories6cve16cert11debiancve14saint4seebug3exploitpack1packetstorm1zdi1exploitdb1prion2