| Description: | SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
Several flaws were found in the way SeaMonkey processed certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)
Several denial of service flaws were found in the way SeaMonkey processed certain web content. A malicious web page could crash the browser or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811)
A buffer overflow flaw was found in the way SeaMonkey Messenger displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard, it was possible to execute arbitrary code as the user running SeaMonkey Messenger. (CVE-2006-3804)
Several flaws were found in the way SeaMonkey processed certain javascript actions. A malicious web page could conduct a cross-site scripting attack or steal sensitive information (such as cookies owned by other domains). (CVE-2006-3802, CVE-2006-3810)
A flaw was found in the way SeaMonkey processed Proxy AutoConfig scripts. A malicious Proxy AutoConfig server could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-3808)
Users of SeaMonkey are advised to upgrade to this update, which contains SeaMonkey version 1.0.3 that corrects these issues.
|