(RHSA-2010:0680) Critical: seamonkey security update

2010-09-07T00:00:00
ID RHSA-2010:0680
Type redhat
Reporter RedHat
Modified 2018-05-26T00:26:18

Description

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3169)

A buffer overflow flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2765)

A use-after-free flaw and several dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168)

A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2010-2768)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.