seamonkey security update

2008-02-11T00:20:26
ID CESA-2008:0104-01
Type centos
Reporter CentOS Project
Modified 2008-02-11T00:20:26

Description

CentOS Errata and Security Advisory CESA-2008:0104-01

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially-crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417)

A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418)

A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type "plain/text", rather than "text/plain", SeaMonkey will not show future "text/plain" content to the user in the browser, forcing them to save those files locally to view the content. (CVE-2008-0592)

Users of SeaMonkey are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2008-February/014682.html

Affected packages: seamonkey seamonkey-chat seamonkey-devel seamonkey-dom-inspector seamonkey-js-debugger seamonkey-mail seamonkey-nspr seamonkey-nspr-devel seamonkey-nss seamonkey-nss-devel

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html