Oval Definition:oval:com.redhat.rhsa:def:20110473
Revision Date:2011-04-29Version:635
Title:RHSA-2011:0473: seamonkey security update (Critical)
Description:SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.

  • Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0080)

  • An arbitrary memory write flaw was found in the way SeaMonkey handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0078)

  • An integer overflow flaw was found in the way SeaMonkey handled the HTML frameset tag. A web page with a frameset tag containing large values for the "rows" and "cols" attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0077)

  • A flaw was found in the way SeaMonkey handled the HTML iframe tag. A web page with an iframe tag containing a specially-crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running SeaMonkey. (CVE-2011-0075)

  • A flaw was found in the way SeaMonkey displayed multiple marquee elements. A malformed HTML document could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0074)

  • A flaw was found in the way SeaMonkey handled the nsTreeSelection element. Malformed content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0073)

  • A use-after-free flaw was found in the way SeaMonkey appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause SeaMonkey to execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0072)

    All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2011-0072
    CVE-2011-0073
    CVE-2011-0074
    CVE-2011-0075
    CVE-2011-0077
    CVE-2011-0078
    CVE-2011-0080
    RHSA-2011:0473
    RHSA-2011:0473-01
    RHSA-2011:0473-01
    Platform(s):Red Hat Enterprise Linux 4
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • seamonkey is earlier than 0:1.0.9-70.el4_8
  • AND seamonkey is signed with Red Hat redhatrelease2 key
  • seamonkey-chat is earlier than 0:1.0.9-70.el4_8
  • AND seamonkey-chat is signed with Red Hat redhatrelease2 key
  • seamonkey-devel is earlier than 0:1.0.9-70.el4_8
  • AND seamonkey-devel is signed with Red Hat redhatrelease2 key
  • seamonkey-dom-inspector is earlier than 0:1.0.9-70.el4_8
  • AND seamonkey-dom-inspector is signed with Red Hat redhatrelease2 key
  • seamonkey-js-debugger is earlier than 0:1.0.9-70.el4_8
  • AND seamonkey-js-debugger is signed with Red Hat redhatrelease2 key
  • seamonkey-mail is earlier than 0:1.0.9-70.el4_8
  • AND seamonkey-mail is signed with Red Hat redhatrelease2 key
    • BACK