CentOS Update for seamonkey CESA-2011:1344 centos4 i386

CentOS Update for seamonkey CESA-2011:1344 centos4 i386. SeaMonkey is updated to resolve issues with handling frame objects and large JavaScript regular expressions, potentially leading to unauthorized access and arbitrary code execution

Reporter	Title	Published	Views	Family All 177
FreeBSD	Mozilla -- multiple vulnerabilities	27 Sep 201100:00	–	freebsd
Tenable Nessus	Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities	29 Sep 201100:00	–	nessus
Tenable Nessus	Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities	29 Sep 201100:00	–	nessus
Tenable Nessus	CentOS 4 / 5 : firefox (CESA-2011:1341)	29 Sep 201100:00	–	nessus
Tenable Nessus	CentOS 4 / 5 : thunderbird (CESA-2011:1343)	29 Sep 201100:00	–	nessus
Tenable Nessus	CentOS 4 : seamonkey (CESA-2011:1344)	30 Sep 201100:00	–	nessus
Tenable Nessus	Debian DSA-2312-1 : iceape - several vulnerabilities	30 Sep 201100:00	–	nessus
Tenable Nessus	Debian DSA-2313-1 : iceweasel - several vulnerabilities	30 Sep 201100:00	–	nessus
Tenable Nessus	Debian DSA-2317-1 : icedove - several vulnerabilities	6 Oct 201100:00	–	nessus
Tenable Nessus	FreeBSD : Mozilla -- multiple vulnerabilities (1fade8a3-e9e8-11e0-9580-4061862b8c22)	29 Sep 201100:00	–	nessus

Source	Link
lists	www.lists.centos.org/pipermail/centos-announce/2011-September/018089.html

###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for seamonkey CESA-2011:1344 centos4 i386
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "SeaMonkey is an open source web browser, email and newsgroup client, IRC
  chat client, and HTML editor.

  A flaw was found in the way SeaMonkey handled frame objects with certain
  names. An attacker could use this flaw to cause a plug-in to grant its
  content access to another site or the local file system, violating the
  same-origin policy. (CVE-2011-2999)
  
  An integer underflow flaw was found in the way SeaMonkey handled large
  JavaScript regular expressions. A web page containing malicious JavaScript
  could cause SeaMonkey to access already freed memory, causing SeaMonkey to
  crash or, potentially, execute arbitrary code with the privileges of the
  user running SeaMonkey. (CVE-2011-2998)
   
  All SeaMonkey users should upgrade to these updated packages, which correct
  these issues. After installing the update, SeaMonkey must be restarted for
  the changes to take effect.";
tag_solution = "Please Install the Updated Packages.";

tag_affected = "seamonkey on CentOS 4";


if(description)
{
  script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2011-September/018089.html");
  script_id(881013);
  script_version("$Revision: 6653 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $");
  script_tag(name:"creation_date", value:"2011-09-30 16:02:57 +0200 (Fri, 30 Sep 2011)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name: "CESA", value: "2011:1344");
  script_cve_id("CVE-2011-2998", "CVE-2011-2999");
  script_name("CentOS Update for seamonkey CESA-2011:1344 centos4 i386");

  script_summary("Check for the Version of seamonkey");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS4")
{

  if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~76.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~76.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~76.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~76.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~76.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~76.el4.centos", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

10 Jul 2017 00:00Current

0.4Low risk

Vulners AI Score0.4

EPSS0.03711