OVAL Reference oval:com.redhat.rhsa:def:20070077

Oval Definition:

oval:com.redhat.rhsa:def:20070077

Revision Date:	2008-03-20	Version:	639
Title:	RHSA-2007:0077: seamonkey security update (Critical)
Description:	SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way SeaMonkey handled the "location.hostname" value during certain browser domain checks. This flaw could allow a malicious web site to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.8 that corrects these issues.
Family:	unix	Class:	patch
Status:		Reference(s):	CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0777 CVE-2007-0778 CVE-2007-0779 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-1092 CVE-2007-1282 RHSA-2007:0077 RHSA-2007:0077-03 RHSA-2007:0077-03
Platform(s):	Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4	Product(s):
Definition Synopsis
Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 3 is installed AND seamonkey-js-debugger is earlier than 0:1.0.8-0.2.el3 AND seamonkey-js-debugger is signed with Red Hat master key seamonkey-nspr is earlier than 0:1.0.8-0.2.el3 AND seamonkey-nspr is signed with Red Hat master key seamonkey-devel is earlier than 0:1.0.8-0.2.el3 AND seamonkey-devel is signed with Red Hat master key seamonkey-chat is earlier than 0:1.0.8-0.2.el3 AND seamonkey-chat is signed with Red Hat master key seamonkey-nss is earlier than 0:1.0.8-0.2.el3 AND seamonkey-nss is signed with Red Hat master key seamonkey is earlier than 0:1.0.8-0.2.el3 AND seamonkey is signed with Red Hat master key seamonkey-nspr-devel is earlier than 0:1.0.8-0.2.el3 AND seamonkey-nspr-devel is signed with Red Hat master key seamonkey-dom-inspector is earlier than 0:1.0.8-0.2.el3 AND seamonkey-dom-inspector is signed with Red Hat master key seamonkey-mail is earlier than 0:1.0.8-0.2.el3 AND seamonkey-mail is signed with Red Hat master key seamonkey-nss-devel is earlier than 0:1.0.8-0.2.el3 AND seamonkey-nss-devel is signed with Red Hat master key OR Package Information Red Hat Enterprise Linux 4 is installed AND devhelp-devel is earlier than 0:0.10-0.7.el4 AND devhelp-devel is signed with Red Hat master key devhelp is earlier than 0:0.10-0.7.el4 AND devhelp is signed with Red Hat master key seamonkey-js-debugger is earlier than 0:1.0.8-0.2.el4 AND seamonkey-js-debugger is signed with Red Hat master key seamonkey-devel is earlier than 0:1.0.8-0.2.el4 AND seamonkey-devel is signed with Red Hat master key seamonkey-chat is earlier than 0:1.0.8-0.2.el4 AND seamonkey-chat is signed with Red Hat master key seamonkey is earlier than 0:1.0.8-0.2.el4 AND seamonkey is signed with Red Hat master key seamonkey-dom-inspector is earlier than 0:1.0.8-0.2.el4 AND seamonkey-dom-inspector is signed with Red Hat master key seamonkey-mail is earlier than 0:1.0.8-0.2.el4 AND seamonkey-mail is signed with Red Hat master key
Definition Synopsis
Release Information Red Hat Enterprise Linux 3 is installed AND seamonkey is earlier than 0:1.0.8-0.2.el3 AND seamonkey is signed with Red Hat master key seamonkey-chat is earlier than 0:1.0.8-0.2.el3 AND seamonkey-chat is signed with Red Hat master key seamonkey-devel is earlier than 0:1.0.8-0.2.el3 AND seamonkey-devel is signed with Red Hat master key seamonkey-dom-inspector is earlier than 0:1.0.8-0.2.el3 AND seamonkey-dom-inspector is signed with Red Hat master key seamonkey-js-debugger is earlier than 0:1.0.8-0.2.el3 AND seamonkey-js-debugger is signed with Red Hat master key seamonkey-mail is earlier than 0:1.0.8-0.2.el3 AND seamonkey-mail is signed with Red Hat master key seamonkey-nspr is earlier than 0:1.0.8-0.2.el3 AND seamonkey-nspr is signed with Red Hat master key seamonkey-nspr-devel is earlier than 0:1.0.8-0.2.el3 AND seamonkey-nspr-devel is signed with Red Hat master key seamonkey-nss is earlier than 0:1.0.8-0.2.el3 AND seamonkey-nss is signed with Red Hat master key seamonkey-nss-devel is earlier than 0:1.0.8-0.2.el3 AND seamonkey-nss-devel is signed with Red Hat master key OR Package Information Red Hat Enterprise Linux 4 is installed AND devhelp is earlier than 0:0.10-0.7.el4 AND devhelp is signed with Red Hat master key devhelp-devel is earlier than 0:0.10-0.7.el4 AND devhelp-devel is signed with Red Hat master key seamonkey is earlier than 0:1.0.8-0.2.el4 AND seamonkey is signed with Red Hat master key seamonkey-chat is earlier than 0:1.0.8-0.2.el4 AND seamonkey-chat is signed with Red Hat master key seamonkey-devel is earlier than 0:1.0.8-0.2.el4 AND seamonkey-devel is signed with Red Hat master key seamonkey-dom-inspector is earlier than 0:1.0.8-0.2.el4 AND seamonkey-dom-inspector is signed with Red Hat master key seamonkey-js-debugger is earlier than 0:1.0.8-0.2.el4 AND seamonkey-js-debugger is signed with Red Hat master key seamonkey-mail is earlier than 0:1.0.8-0.2.el4 AND seamonkey-mail is signed with Red Hat master key seamonkey-nspr is earlier than 0:1.0.8-0.2.el4 AND seamonkey-nspr is signed with Red Hat master key seamonkey-nspr-devel is earlier than 0:1.0.8-0.2.el4 AND seamonkey-nspr-devel is signed with Red Hat master key seamonkey-nss is earlier than 0:1.0.8-0.2.el4 AND seamonkey-nss is signed with Red Hat master key seamonkey-nss-devel is earlier than 0:1.0.8-0.2.el4 AND seamonkey-nss-devel is signed with Red Hat master key
Definition Synopsis
Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 4 is installed AND devhelp is earlier than 0:0.10-0.7.el4 AND devhelp is signed with Red Hat redhatrelease2 key devhelp-devel is earlier than 0:0.10-0.7.el4 AND devhelp-devel is signed with Red Hat redhatrelease2 key seamonkey is earlier than 0:1.0.8-0.2.el4 AND seamonkey is signed with Red Hat redhatrelease2 key seamonkey-chat is earlier than 0:1.0.8-0.2.el4 AND seamonkey-chat is signed with Red Hat redhatrelease2 key seamonkey-devel is earlier than 0:1.0.8-0.2.el4 AND seamonkey-devel is signed with Red Hat redhatrelease2 key seamonkey-dom-inspector is earlier than 0:1.0.8-0.2.el4 AND seamonkey-dom-inspector is signed with Red Hat redhatrelease2 key seamonkey-js-debugger is earlier than 0:1.0.8-0.2.el4 AND seamonkey-js-debugger is signed with Red Hat redhatrelease2 key seamonkey-mail is earlier than 0:1.0.8-0.2.el4 AND seamonkey-mail is signed with Red Hat redhatrelease2 key

BACK