openSUSE 10 Security Update : seamonkey (seamonkey-5657)

This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...

Mozilla Foundation Security Advisory 2008-38

Mozilla Foundation Security Advisory 2008-38 Title: nsXMLDocument::OnChannelRedirect same-origin violation Impact: High Announced: September 23, 2008 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey 1.1.12 Description Mozilla...

Design/Logic Flaw

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors...

CVE-2008-3835

CVE-2008-3835 affects Mozilla Firefox up to 2.0.0.17, Thunderbird up to 2.0.0.17, and SeaMonkey up to 1.1.12. Root cause: nsXMLDocument::OnChannelRedirect bypasses Same Origin Policy, allowing remote attackers to run arbitrary JavaScript. Impact: remote code execution via crafted web content. Rem...

nsXMLDocument::OnChannelRedirect() same-origin violation — Mozilla

Mozilla security researcher mozbugra4 reported that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. This vulnerability could be used to execute JavaScript in the context of a different website...