(RHSA-2007:1084) Critical: seamonkey security update

SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A cross-site scripting flaw was found in the way SeaMonkey handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
SeaMonkey. (CVE-2007-5947)

Several flaws were found in the way SeaMonkey processed certain malformed
web content. A webpage containing malicious content could cause SeaMonkey
to crash, or potentially execute arbitrary code as the user running
SeaMonkey. (CVE-2007-5959)

A race condition existed when Seamonkey set the “window.location” property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)

Users of SeaMonkey are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.