[Frugalware-security] [ FSA-43 ] seamonkey

voroskoi noreply at frugalware.org
Tue Nov 14 19:44:37 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-43

Date: 2006-11-14
Package: seamonkey
Vulnerable versions: <= 1.0.5-1siwenna1
Unaffected versions: >= 1.0.6-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1436
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747
			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748

Description
===========

Some vulnerabilities have been reported in Mozilla Firefox and Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.

1) The bundled Network Security Services (NSS) library contains an incomplete fix for the RSA signature verification vulnerability reported in MFSA 2006-60.
2) An error exists within the handling of Script objects. This can potentially be exploited to execute arbitrary JavaScript bytecode by modifying already running Script objects.
3) Some unspecified errors in the layout engine and memory corruption errors in the JavaScript engine can be exploited to crash the application and may allow execution of arbitrary code.
4) An unspecified error within XML.prototype.hasOwnProperty can potentially be exploited to execute arbitrary code.

Updated Packages
================

Check if you have seamonkey installed:

	# pacman -Q seamonkey

If found, then you should upgrade to the latest version:

	# pacman -Sy seamonkey

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFWg6VZ7NElSD1VhkRAhb4AJ94+71Bns6ygaDhtfMXIIzWuq9tCACfQSGj
95rjNi8z6YG3vZqqjZ1qY+4=
=yBov
-----END PGP SIGNATURE-----
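
A version check for the ranges in the advisory header, added here as an example and not part of the Frugalware advisory: it classifies the output line of `pacman -Q seamonkey` against the "Vulnerable versions" and "Unaffected versions" bounds. The function names, the `name version` output format and the use of GNU `sort -V` in place of pacman's own version comparison are assumptions.

```sh
#!/bin/sh
# Added example, not part of the advisory. Thresholds come from its header.
VULN_MAX="1.0.5-1siwenna1"   # "Vulnerable versions: <= 1.0.5-1siwenna1"
FIXED_MIN="1.0.6-1siwenna1"  # "Unaffected versions: >= 1.0.6-1siwenna1"

# version_le A B: succeed when A sorts at or before B.
# Assumption: GNU `sort -V` stands in for pacman's own version comparison.
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)" = "$1" ]
}

# fsa43_status LINE: classify one line of `pacman -Q seamonkey` output,
# assumed to look like "seamonkey 1.0.5-1siwenna1" (empty if not installed).
# Prints: not-installed | vulnerable | unaffected | unlisted | unparsed
fsa43_status() {
    line=$1
    if [ -z "$line" ]; then echo not-installed; return 0; fi
    name=${line%% *}
    ver=${line#* }
    # Reject other packages and lines without a version field.
    if [ "$name" != "seamonkey" ] || [ "$ver" = "$line" ] || [ -z "$ver" ]; then
        echo unparsed; return 0
    fi
    if version_le "$ver" "$VULN_MAX"; then
        echo vulnerable
    elif version_le "$FIXED_MIN" "$ver"; then
        echo unaffected
    else
        # Between the two bounds the advisory says nothing: upgrade anyway.
        echo unlisted
    fi
}

# Typical call on a Frugalware host:
#   fsa43_status "$(pacman -Q seamonkey 2>/dev/null)"
```

A result of `unlisted` means the installed build falls between the two bounds given in the header, so it should be treated like `vulnerable` and upgraded.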