Oval Definition:oval:com.redhat.rhsa:def:20060734
Revision Date:2006-11-08Version:638
Title:RHSA-2006:0734: seamonkey security update (Critical)
Description:SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

  • Several flaws were found in the way SeaMonkey processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)

  • Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey. (CVE-2006-5464)

  • A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462)

    Users of SeaMonkey are advised to upgrade to these erratum packages, which contains SeaMonkey version 1.0.6 that corrects these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2006-5462
    CVE-2006-5463
    CVE-2006-5464
    CVE-2006-5747
    CVE-2006-5748
    RHSA-2006:0734
    RHSA-2006:0734-01
    RHSA-2006:0734-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • seamonkey-mail is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-mail is signed with Red Hat master key
  • seamonkey-nspr is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-nspr is signed with Red Hat master key
  • seamonkey-nss-devel is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-nss-devel is signed with Red Hat master key
  • seamonkey-js-debugger is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-js-debugger is signed with Red Hat master key
  • seamonkey-nss is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-nss is signed with Red Hat master key
  • seamonkey-chat is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-chat is signed with Red Hat master key
  • seamonkey-devel is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-devel is signed with Red Hat master key
  • seamonkey is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey is signed with Red Hat master key
  • seamonkey-nspr-devel is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-nspr-devel is signed with Red Hat master key
  • seamonkey-dom-inspector is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-dom-inspector is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • seamonkey-mail is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-mail is signed with Red Hat master key
  • seamonkey-js-debugger is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-js-debugger is signed with Red Hat master key
  • seamonkey-devel is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-devel is signed with Red Hat master key
  • seamonkey-chat is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-chat is signed with Red Hat master key
  • seamonkey is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey is signed with Red Hat master key
  • seamonkey-dom-inspector is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-dom-inspector is signed with Red Hat master key
  • devhelp-devel is earlier than 0:0.10-0.5.el4
  • AND devhelp-devel is signed with Red Hat master key
  • devhelp is earlier than 0:0.10-0.5.el4
  • AND devhelp is signed with Red Hat master key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • seamonkey is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey is signed with Red Hat master key
  • seamonkey-chat is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-chat is signed with Red Hat master key
  • seamonkey-devel is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-devel is signed with Red Hat master key
  • seamonkey-dom-inspector is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-dom-inspector is signed with Red Hat master key
  • seamonkey-js-debugger is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-js-debugger is signed with Red Hat master key
  • seamonkey-mail is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-mail is signed with Red Hat master key
  • seamonkey-nspr is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-nspr is signed with Red Hat master key
  • seamonkey-nspr-devel is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-nspr-devel is signed with Red Hat master key
  • seamonkey-nss is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-nss is signed with Red Hat master key
  • seamonkey-nss-devel is earlier than 0:1.0.6-0.1.el3
  • AND seamonkey-nss-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • seamonkey is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey is signed with Red Hat master key
  • seamonkey-chat is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-chat is signed with Red Hat master key
  • seamonkey-devel is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-devel is signed with Red Hat master key
  • seamonkey-dom-inspector is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-dom-inspector is signed with Red Hat master key
  • seamonkey-js-debugger is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-js-debugger is signed with Red Hat master key
  • seamonkey-mail is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-mail is signed with Red Hat master key
  • seamonkey-nspr is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-nspr is signed with Red Hat master key
  • seamonkey-nspr-devel is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-nspr-devel is signed with Red Hat master key
  • seamonkey-nss is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-nss is signed with Red Hat master key
  • seamonkey-nss-devel is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-nss-devel is signed with Red Hat master key
  • devhelp is earlier than 0:0.10-0.5.el4
  • AND devhelp is signed with Red Hat master key
  • devhelp-devel is earlier than 0:0.10-0.5.el4
  • AND devhelp-devel is signed with Red Hat master key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • seamonkey is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey is signed with Red Hat redhatrelease2 key
  • seamonkey-chat is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-chat is signed with Red Hat redhatrelease2 key
  • seamonkey-devel is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-devel is signed with Red Hat redhatrelease2 key
  • seamonkey-dom-inspector is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-dom-inspector is signed with Red Hat redhatrelease2 key
  • seamonkey-js-debugger is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-js-debugger is signed with Red Hat redhatrelease2 key
  • seamonkey-mail is earlier than 0:1.0.6-0.1.el4
  • AND seamonkey-mail is signed with Red Hat redhatrelease2 key
  • devhelp is earlier than 0:0.10-0.5.el4
  • AND devhelp is signed with Red Hat redhatrelease2 key
  • devhelp-devel is earlier than 0:0.10-0.5.el4
  • AND devhelp-devel is signed with Red Hat redhatrelease2 key
    • BACK