Lucene search

K
redhatRedHatRHSA-2011:0888
HistoryJun 21, 2011 - 12:00 a.m.

(RHSA-2011:0888) Critical: seamonkey security update

2011-06-2100:00:00
access.redhat.com
29

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.957 High

EPSS

Percentile

99.4%

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled malformed JPEG images. A
website containing a malicious JPEG image could cause SeaMonkey to crash
or, potentially, execute arbitrary code with the privileges of the user
running SeaMonkey. (CVE-2011-2377)

Multiple dangling pointer flaws were found in SeaMonkey. A web page
containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375,
CVE-2011-2376)

An integer overflow flaw was found in the way SeaMonkey handled JavaScript
Array objects. A website containing malicious JavaScript could cause
SeaMonkey to execute that JavaScript with the privileges of the user
running SeaMonkey. (CVE-2011-2371)

A use-after-free flaw was found in the way SeaMonkey handled malformed
JavaScript. A website containing malicious JavaScript could cause SeaMonkey
to execute that JavaScript with the privileges of the user running
SeaMonkey. (CVE-2011-2373)

It was found that SeaMonkey could treat two separate cookies as
interchangeable if both were for the same domain name but one of those
domain names had a trailing “.” character. This violates the same-origin
policy and could possibly lead to data being leaked to the wrong domain.
(CVE-2011-2362)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.957 High

EPSS

Percentile

99.4%