CentOS Errata and Security Advisory CESA-2006:0734-01
SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-5464)
A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)
Users of SeaMonkey are advised to upgrade to these erratum packages, which contains SeaMonkey version 1.0.6 that corrects these issues.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-November/013367.html
Affected packages: seamonkey seamonkey-chat seamonkey-devel seamonkey-dom-inspector seamonkey-js-debugger seamonkey-mail seamonkey-nspr seamonkey-nspr-devel seamonkey-nss seamonkey-nss-devel
Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html