What Are You Looking For?

Sign Up
Date:         Tue, 11 Aug 2009 14:28:38 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: seamonkey on SL3.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: seamonkey security update
Issue date:	2009-07-30
CVE Names:	CVE-2009-2404

CVE-2009-2404 nss regexp heap overflow

Moxie Marlinspike reported a heap overflow flaw in a regular expression
parser in the NSS library (provided by SeaMonkey) used to match common
names in certificates. A malicious website could present a
carefully-crafted certificate in such a way as to trigger the heap
overflow, leading to a crash or, possibly, arbitrary code execution with
the permissions of the user running SeaMonkey. (CVE-2009-2404)

Note: in order to exploit this issue without further user interaction, 
the carefully-crafted certificate would need to be signed by a 
Certificate Authority trusted by SeaMonkey, otherwise SeaMonkey presents 
the victim with a warning that the certificate is untrusted. Only if the 
user then accepts the certificate will the overflow take place.

After installing the updated packages, SeaMonkey must be restarted for 
the update to take effect.

SL 3.0.x

      SRPMS:
seamonkey-1.0.9-0.41.el3.src.rpm
      i386:
seamonkey-1.0.9-0.41.el3.i386.rpm
seamonkey-chat-1.0.9-0.41.el3.i386.rpm
seamonkey-devel-1.0.9-0.41.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.41.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.41.el3.i386.rpm
seamonkey-mail-1.0.9-0.41.el3.i386.rpm
seamonkey-nspr-1.0.9-0.41.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.41.el3.i386.rpm
seamonkey-nss-1.0.9-0.41.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.41.el3.i386.rpm
      x86_64:
seamonkey-1.0.9-0.41.el3.i386.rpm
seamonkey-1.0.9-0.41.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.41.el3.i386.rpm
seamonkey-chat-1.0.9-0.41.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.41.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.41.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.41.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.41.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.41.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.41.el3.i386.rpm
seamonkey-mail-1.0.9-0.41.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.41.el3.i386.rpm
seamonkey-nspr-1.0.9-0.41.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.41.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.41.el3.i386.rpm
seamonkey-nss-1.0.9-0.41.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.41.el3.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-2404 Critical: seamonkey SL3.x i386/x86_64

Critical: seamonkey security update

Summary

Date:         Tue, 11 Aug 2009 14:28:38 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Critical: seamonkey on SL3.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Critical: seamonkey security updateIssue date:	2009-07-30CVE Names:	CVE-2009-2404CVE-2009-2404 nss regexp heap overflowMoxie Marlinspike reported a heap overflow flaw in a regular expressionparser in the NSS library (provided by SeaMonkey) used to match commonnames in certificates. A malicious website could present acarefully-crafted certificate in such a way as to trigger the heapoverflow, leading to a crash or, possibly, arbitrary code execution withthe permissions of the user running SeaMonkey. (CVE-2009-2404)Note: in order to exploit this issue without further user interaction, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by SeaMonkey, otherwise SeaMonkey presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place.After installing the updated packages, SeaMonkey must be restarted for the update to take effect.SL 3.0.x      SRPMS:seamonkey-1.0.9-0.41.el3.src.rpm      i386:seamonkey-1.0.9-0.41.el3.i386.rpmseamonkey-chat-1.0.9-0.41.el3.i386.rpmseamonkey-devel-1.0.9-0.41.el3.i386.rpmseamonkey-dom-inspector-1.0.9-0.41.el3.i386.rpmseamonkey-js-debugger-1.0.9-0.41.el3.i386.rpmseamonkey-mail-1.0.9-0.41.el3.i386.rpmseamonkey-nspr-1.0.9-0.41.el3.i386.rpmseamonkey-nspr-devel-1.0.9-0.41.el3.i386.rpmseamonkey-nss-1.0.9-0.41.el3.i386.rpmseamonkey-nss-devel-1.0.9-0.41.el3.i386.rpm      x86_64:seamonkey-1.0.9-0.41.el3.i386.rpmseamonkey-1.0.9-0.41.el3.x86_64.rpmseamonkey-chat-1.0.9-0.41.el3.i386.rpmseamonkey-chat-1.0.9-0.41.el3.x86_64.rpmseamonkey-devel-1.0.9-0.41.el3.x86_64.rpmseamonkey-dom-inspector-1.0.9-0.41.el3.i386.rpmseamonkey-dom-inspector-1.0.9-0.41.el3.x86_64.rpmseamonkey-js-debugger-1.0.9-0.41.el3.i386.rpmseamonkey-js-debugger-1.0.9-0.41.el3.x86_64.rpmseamonkey-mail-1.0.9-0.41.el3.i386.rpmseamonkey-mail-1.0.9-0.41.el3.x86_64.rpmseamonkey-nspr-1.0.9-0.41.el3.i386.rpmseamonkey-nspr-1.0.9-0.41.el3.x86_64.rpmseamonkey-nspr-devel-1.0.9-0.41.el3.x86_64.rpmseamonkey-nss-1.0.9-0.41.el3.i386.rpmseamonkey-nss-1.0.9-0.41.el3.x86_64.rpmseamonkey-nss-devel-1.0.9-0.41.el3.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo