Lucene search

K
centosCentOS ProjectCESA-2008:0599
HistoryJul 16, 2008 - 7:11 p.m.

devhelp, seamonkey security update

2008-07-1619:11:33
CentOS Project
lists.centos.org
61
seamonkey
integer overflow
security update
web browser
email client
irc client
html editor
centos
cesa-2008:0599
cve-2008-2785
devhelp

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.549

Percentile

97.7%

CentOS Errata and Security Advisory CESA-2008:0599

SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

An integer overflow flaw was found in the way SeaMonkey displayed certain
web content. A malicious web site could cause SeaMonkey to crash or execute
arbitrary code with the permissions of the user running SeaMonkey.
(CVE-2008-2785)

All seamonkey users should upgrade to these updated packages, which contain
a backported patch to resolve this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-July/077294.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077295.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077296.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077301.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077302.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077309.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077311.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077313.html

Affected packages:
devhelp
devhelp-devel
seamonkey
seamonkey-chat
seamonkey-devel
seamonkey-dom-inspector
seamonkey-js-debugger
seamonkey-mail
seamonkey-nspr
seamonkey-nspr-devel
seamonkey-nss
seamonkey-nss-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0599

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.549

Percentile

97.7%