[Frugalware-darcs] homepage-ng: FSA198-seamonkey

voroskoi voroskoi at frugalware.org
Thu Jun 7 13:56:19 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070607114835-dd049-12ec3868bcad26276570ebc956df70c1d90679cb.gz;

[FSA198-seamonkey
voroskoi <voroskoi at frugalware.org>**20070607114835] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>198</id>
+		<date>2007-06-07</date>
+		<author>voroskoi</author>
+		<package>seamonkey</package>
+		<vulnerable>1.1.1-1</vulnerable>
+		<unaffected>1.1.2-1terminus1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2123</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2867
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2868
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2870
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-2871</cve>
+		<desc>Some vulnerabilities have been reported in Mozilla SeaMonkey, whic=
h can be exploited by malicious people to conduct spoofing attacks, bypass =
certain security restrictions, and potentially compromise a user's system.
+			1) Errors in the JavaScript engine can be exploited to cause memory cor=
ruption and potentially to execute arbitrary code.
+			2) An error in the "addEventListener" method can be exploited to inject=
 script into another site, circumventing the browser's same-origin policy. =
This could be used to access or modify sensitive information from the other=
 site.
+			3) An error in the handling of XUL popups can be exploited to spoof par=
ts of the browser such as the location bar.</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list