SciLinux: CVE-2009-0652 Critical: seamonkey SL3.x, SL4.x i386/x86_64
Summary
Date: Tue, 21 Apr 2009 14:19:09 -0500Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: FASTBUGS for SL 5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" The following FASTBUGS have been uploaded to i386:cpuspeed-1.2.1-7.el5.i386.rpmdevice-mapper-multipath-0.4.7-23.el5_3.4.i386.rpmdump-0.4b41-4.el5.i386.rpmkpartx-0.4.7-23.el5_3.4.i386.rpmrmt-0.4b41-4.el5.i386.rpmrsh-0.17-40.el5.i386.rpmrsh-server-0.17-40.el5.i386.rpmscim-bridge-0.4.5-9.el5.i386.rpmscim-bridge-gtk-0.4.5-9.el5.i386.rpm x86_64:cpuspeed-1.2.1-7.el5.x86_64.rpmdevice-mapper-multipath-0.4.7-23.el5_3.4.x86_64.rpmdump-0.4b41-4.el5.x86_64.rpmkpartx-0.4.7-23.el5_3.4.x86_64.rpmrmt-0.4b41-4.el5.x86_64.rpmrsh-0.17-40.el5.x86_64.rpmrsh-server-0.17-40.el5.x86_64.rpmscim-bridge-0.4.5-9.el5.x86_64.rpmscim-bridge-gtk-0.4.5-9.el5.i386.rpmscim-bridge-gtk-0.4.5-9.el5.x86_64.rpm-Connie Sieh-Troy DawsonDate: Thu, 23 Apr 2009 15:25:56 -0500Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Critical: seamonkey on SL3.x, SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Critical: seamonkey security updateIssue date: 2009-04-21CVE Names: CVE-2009-0652 CVE-2009-1303 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or,potentially, execute arbitrary code as the user running SeaMonkey.(CVE-2009-1303, CVE-2009-1305)Several flaws were found in the way malformed web content was processed. A web page containing malicious content could execute arbitrary JavaScript in the context of the site, possibly presenting misleading data to a user, or stealing sensitive information such as login credentials. (CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1312)A flaw was found in the way SeaMonkey saved certain web pages to a localfile. If a user saved the inner frame of a web page containing POST data, the POST data could be revealed to the inner frame, possibly surrendering sensitive information such as login credentials. (CVE-2009-1311)SeaMonkey must be restarted for the changes to take effect.SL 3.0.x SRPMS:seamonkey-1.0.9-0.37.el3.src.rpm i386:seamonkey-1.0.9-0.37.el3.i386.rpmseamonkey-chat-1.0.9-0.37.el3.i386.rpmseamonkey-devel-1.0.9-0.37.el3.i386.rpmseamonkey-dom-inspector-1.0.9-0.37.el3.i386.rpmseamonkey-js-debugger-1.0.9-0.37.el3.i386.rpmseamonkey-mail-1.0.9-0.37.el3.i386.rpmseamonkey-nspr-1.0.9-0.37.el3.i386.rpmseamonkey-nspr-devel-1.0.9-0.37.el3.i386.rpmseamonkey-nss-1.0.9-0.37.el3.i386.rpmseamonkey-nss-devel-1.0.9-0.37.el3.i386.rpm x86_64:seamonkey-1.0.9-0.37.el3.i386.rpmseamonkey-1.0.9-0.37.el3.x86_64.rpmseamonkey-chat-1.0.9-0.37.el3.i386.rpmseamonkey-chat-1.0.9-0.37.el3.x86_64.rpmseamonkey-devel-1.0.9-0.37.el3.x86_64.rpmseamonkey-dom-inspector-1.0.9-0.37.el3.i386.rpmseamonkey-dom-inspector-1.0.9-0.37.el3.x86_64.rpmseamonkey-js-debugger-1.0.9-0.37.el3.i386.rpmseamonkey-js-debugger-1.0.9-0.37.el3.x86_64.rpmseamonkey-mail-1.0.9-0.37.el3.i386.rpmseamonkey-mail-1.0.9-0.37.el3.x86_64.rpmseamonkey-nspr-1.0.9-0.37.el3.i386.rpmseamonkey-nspr-1.0.9-0.37.el3.x86_64.rpmseamonkey-nspr-devel-1.0.9-0.37.el3.x86_64.rpmseamonkey-nss-1.0.9-0.37.el3.i386.rpmseamonkey-nss-1.0.9-0.37.el3.x86_64.rpmseamonkey-nss-devel-1.0.9-0.37.el3.x86_64.rpmSL 4.x SRPMS:seamonkey-1.0.9-41.el4.src.rpm i386:seamonkey-1.0.9-41.el4.i386.rpmseamonkey-chat-1.0.9-41.el4.i386.rpmseamonkey-devel-1.0.9-41.el4.i386.rpmseamonkey-dom-inspector-1.0.9-41.el4.i386.rpmseamonkey-js-debugger-1.0.9-41.el4.i386.rpmseamonkey-mail-1.0.9-41.el4.i386.rpm x86_64:seamonkey-1.0.9-41.el4.i386.rpmseamonkey-1.0.9-41.el4.x86_64.rpmseamonkey-chat-1.0.9-41.el4.i386.rpmseamonkey-chat-1.0.9-41.el4.x86_64.rpmseamonkey-devel-1.0.9-41.el4.x86_64.rpmseamonkey-dom-inspector-1.0.9-41.el4.i386.rpmseamonkey-dom-inspector-1.0.9-41.el4.x86_64.rpmseamonkey-js-debugger-1.0.9-41.el4.i386.rpmseamonkey-js-debugger-1.0.9-41.el4.x86_64.rpmseamonkey-mail-1.0.9-41.el4.i386.rpmseamonkey-mail-1.0.9-41.el4.x86_64.rpm-Connie Sieh-Troy Dawson