CentOS Update for seamonkey CESA-2010:0546 centos3 i386

CentOS Update for seamonkey CESA-2010:0546 centos3 i386" is an update for SeaMonkey browser, email, IRC chat client, and HTML editor. It fixes flaws like processing of malformed web content, memory corruption, same-origin policy bypass, and location bar display, which could lead to crashing or executing arbitrary code. Users must upgrade to the updated packages and restart SeaMonkey for changes to take effect

Reporter	Title	Published	Views	Family All 472
ALT Linux	Security fix for the ALT Linux 5 package libpng version 1.2.44-alt1	29 Jun 201000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 6 package libpng version 1.2.44-alt1	29 Jun 201000:00	–	altlinux
0day.today	libpng <= 1.4.2 Denial of Service Vulnerability	20 Jul 201000:00	–	zdt
0day.today	Firefox Plugin Parameter EnsureCachedAttrParamArrays Code Execution	18 Sep 201000:00	–	zdt
IBM Security Bulletins	Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS	3 Jun 202214:32	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability has been identified in BigFix Platform shipped with IBM License Metric Tool.	12 Aug 202008:19	–	ibm
Tenable Nessus	Mozilla Firefox 3.5.x < 3.5.11 Multiple Vulnerabilities	21 Jul 201000:00	–	nessus
Tenable Nessus	Mozilla Firefox 3.6.x < 3.6.7 Multiple Vulnerabilities	21 Jul 201000:00	–	nessus
Tenable Nessus	Mozilla Thunderbird 3.0.x < 3.0.6 Multiple Vulnerabilities	21 Jul 201000:00	–	nessus
Tenable Nessus	Mozilla Thunderbird 3.1.x < 3.1.1 Multiple Vulnerabilities	21 Jul 201000:00	–	nessus

Source	Link
lists	www.lists.centos.org/pipermail/centos-announce/2010-August/016924.html

###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for seamonkey CESA-2010:0546 centos3 i386
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "SeaMonkey is an open source web browser, email and newsgroup client, IRC
  chat client, and HTML editor.

  Several flaws were found in the processing of malformed web content. A web
  page containing malicious content could cause SeaMonkey to crash or,
  potentially, execute arbitrary code with the privileges of the user running
  SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)

  A memory corruption flaw was found in the way SeaMonkey decoded certain PNG
  images. An attacker could create a specially-crafted PNG image that, when
  opened, could cause SeaMonkey to crash or, potentially, execute arbitrary
  code with the privileges of the user running SeaMonkey. (CVE-2010-1205)

  A same-origin policy bypass flaw was found in SeaMonkey. An attacker could
  create a malicious web page that, when viewed by a victim, could steal
  private data from a different website the victim has loaded with SeaMonkey.
  (CVE-2010-2754)

  A flaw was found in the way SeaMonkey displayed the location bar when
  visiting a secure web page. A malicious server could use this flaw to
  present data that appears to originate from a secure server, even though it
  does not. (CVE-2010-2751)

  All SeaMonkey users should upgrade to these updated packages, which correct
  these issues. After installing the update, SeaMonkey must be restarted for
  the changes to take effect.";
tag_solution = "Please Install the Updated Packages.";

tag_affected = "seamonkey on CentOS 3";


if(description)
{
  script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2010-August/016924.html");
  script_id(880410);
  script_version("$Revision: 8226 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $");
  script_tag(name:"creation_date", value:"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name: "CESA", value: "2010:0546");
  script_cve_id("CVE-2010-1205", "CVE-2010-1211", "CVE-2010-1214", "CVE-2010-2751", "CVE-2010-2753", "CVE-2010-2754");
  script_name("CentOS Update for seamonkey CESA-2010:0546 centos3 i386");

  script_tag(name: "summary" , value: "Check for the Version of seamonkey");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS3")
{

  if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-nspr", rpm:"seamonkey-nspr~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-nspr-devel", rpm:"seamonkey-nspr-devel~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-nss", rpm:"seamonkey-nss~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-nss-devel", rpm:"seamonkey-nss-devel~1.0.9~0.57.el3.centos3", rls:"CentOS3")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

22 Dec 2017 00:00Current

0.4Low risk

Vulners AI Score0.4

EPSS0.14816