What Are You Looking For?

Sign Up
Date:         Wed, 16 Dec 2009 13:25:18 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Critical: seamonkey on SL3.x, SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: seamonkey security update
Issue date:	2009-12-15
CVE Names:	CVE-2009-3979 CVE-2009-3983 CVE-2009-3984

Several flaws were found in the processing of malformed web content. A 
web page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user 
running SeaMonkey. (CVE-2009-3979)

A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication
protocol implementation. If an attacker could trick a local user that 
has NTLM credentials into visiting a specially-crafted web page, they 
could send arbitrary requests, authenticated with the user's NTLM 
credentials, to other applications on the user's system. (CVE-2009-3983)

A flaw was found in the way SeaMonkey displayed the SSL location bar
indicator. An attacker could create an unencrypted web page that appearsto be encrypted, possibly tricking the user into believing they are
visiting a secure page. (CVE-2009-3984)

After installing the update, SeaMonkey must be restarted for the changes 
to take effect.

SL 3.0.x

      SRPMS:
seamonkey-1.0.9-0.48.el3.src.rpm
      i386:
seamonkey-1.0.9-0.48.el3.i386.rpm
seamonkey-chat-1.0.9-0.48.el3.i386.rpm
seamonkey-devel-1.0.9-0.48.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.48.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.48.el3.i386.rpm
seamonkey-mail-1.0.9-0.48.el3.i386.rpm
seamonkey-nspr-1.0.9-0.48.el3.i386.rpm
seamonkey-nspr-devel-1.0.9-0.48.el3.i386.rpm
seamonkey-nss-1.0.9-0.48.el3.i386.rpm
seamonkey-nss-devel-1.0.9-0.48.el3.i386.rpm
      x86_64:
seamonkey-1.0.9-0.48.el3.i386.rpm
seamonkey-1.0.9-0.48.el3.x86_64.rpm
seamonkey-chat-1.0.9-0.48.el3.i386.rpm
seamonkey-chat-1.0.9-0.48.el3.x86_64.rpm
seamonkey-devel-1.0.9-0.48.el3.x86_64.rpm
seamonkey-dom-inspector-1.0.9-0.48.el3.i386.rpm
seamonkey-dom-inspector-1.0.9-0.48.el3.x86_64.rpm
seamonkey-js-debugger-1.0.9-0.48.el3.i386.rpm
seamonkey-js-debugger-1.0.9-0.48.el3.x86_64.rpm
seamonkey-mail-1.0.9-0.48.el3.i386.rpm
seamonkey-mail-1.0.9-0.48.el3.x86_64.rpm
seamonkey-nspr-1.0.9-0.48.el3.i386.rpm
seamonkey-nspr-1.0.9-0.48.el3.x86_64.rpm
seamonkey-nspr-devel-1.0.9-0.48.el3.x86_64.rpm
seamonkey-nss-1.0.9-0.48.el3.i386.rpm
seamonkey-nss-1.0.9-0.48.el3.x86_64.rpm
seamonkey-nss-devel-1.0.9-0.48.el3.x86_64.rpm

SL 4.x

      SRPMS:
seamonkey-1.0.9-51.el4_8.src.rpm
      i386:
seamonkey-1.0.9-51.el4_8.i386.rpm
seamonkey-chat-1.0.9-51.el4_8.i386.rpm
seamonkey-devel-1.0.9-51.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.i386.rpm
seamonkey-mail-1.0.9-51.el4_8.i386.rpm
      x86_64:
seamonkey-1.0.9-51.el4_8.i386.rpm
seamonkey-1.0.9-51.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-51.el4_8.i386.rpm
seamonkey-chat-1.0.9-51.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-51.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-51.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-51.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-51.el4_8.i386.rpm
seamonkey-mail-1.0.9-51.el4_8.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-3979 Critical: seamonkey SL3.x, SL4.x i386/x86_64

Critical: seamonkey security update

Summary

Date:         Wed, 16 Dec 2009 13:25:18 -0600Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Critical: seamonkey on SL3.x, SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Critical: seamonkey security updateIssue date:	2009-12-15CVE Names:	CVE-2009-3979 CVE-2009-3983 CVE-2009-3984Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or,potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979)A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authenticationprotocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially-crafted web page, they could send arbitrary requests, authenticated with the user's NTLM credentials, to other applications on the user's system. (CVE-2009-3983)A flaw was found in the way SeaMonkey displayed the SSL location barindicator. An attacker could create an unencrypted web page that appearsto be encrypted, possibly tricking the user into believing they arevisiting a secure page. (CVE-2009-3984)After installing the update, SeaMonkey must be restarted for the changes to take effect.SL 3.0.x      SRPMS:seamonkey-1.0.9-0.48.el3.src.rpm      i386:seamonkey-1.0.9-0.48.el3.i386.rpmseamonkey-chat-1.0.9-0.48.el3.i386.rpmseamonkey-devel-1.0.9-0.48.el3.i386.rpmseamonkey-dom-inspector-1.0.9-0.48.el3.i386.rpmseamonkey-js-debugger-1.0.9-0.48.el3.i386.rpmseamonkey-mail-1.0.9-0.48.el3.i386.rpmseamonkey-nspr-1.0.9-0.48.el3.i386.rpmseamonkey-nspr-devel-1.0.9-0.48.el3.i386.rpmseamonkey-nss-1.0.9-0.48.el3.i386.rpmseamonkey-nss-devel-1.0.9-0.48.el3.i386.rpm      x86_64:seamonkey-1.0.9-0.48.el3.i386.rpmseamonkey-1.0.9-0.48.el3.x86_64.rpmseamonkey-chat-1.0.9-0.48.el3.i386.rpmseamonkey-chat-1.0.9-0.48.el3.x86_64.rpmseamonkey-devel-1.0.9-0.48.el3.x86_64.rpmseamonkey-dom-inspector-1.0.9-0.48.el3.i386.rpmseamonkey-dom-inspector-1.0.9-0.48.el3.x86_64.rpmseamonkey-js-debugger-1.0.9-0.48.el3.i386.rpmseamonkey-js-debugger-1.0.9-0.48.el3.x86_64.rpmseamonkey-mail-1.0.9-0.48.el3.i386.rpmseamonkey-mail-1.0.9-0.48.el3.x86_64.rpmseamonkey-nspr-1.0.9-0.48.el3.i386.rpmseamonkey-nspr-1.0.9-0.48.el3.x86_64.rpmseamonkey-nspr-devel-1.0.9-0.48.el3.x86_64.rpmseamonkey-nss-1.0.9-0.48.el3.i386.rpmseamonkey-nss-1.0.9-0.48.el3.x86_64.rpmseamonkey-nss-devel-1.0.9-0.48.el3.x86_64.rpmSL 4.x      SRPMS:seamonkey-1.0.9-51.el4_8.src.rpm      i386:seamonkey-1.0.9-51.el4_8.i386.rpmseamonkey-chat-1.0.9-51.el4_8.i386.rpmseamonkey-devel-1.0.9-51.el4_8.i386.rpmseamonkey-dom-inspector-1.0.9-51.el4_8.i386.rpmseamonkey-js-debugger-1.0.9-51.el4_8.i386.rpmseamonkey-mail-1.0.9-51.el4_8.i386.rpm      x86_64:seamonkey-1.0.9-51.el4_8.i386.rpmseamonkey-1.0.9-51.el4_8.x86_64.rpmseamonkey-chat-1.0.9-51.el4_8.i386.rpmseamonkey-chat-1.0.9-51.el4_8.x86_64.rpmseamonkey-devel-1.0.9-51.el4_8.x86_64.rpmseamonkey-dom-inspector-1.0.9-51.el4_8.i386.rpmseamonkey-dom-inspector-1.0.9-51.el4_8.x86_64.rpmseamonkey-js-debugger-1.0.9-51.el4_8.i386.rpmseamonkey-js-debugger-1.0.9-51.el4_8.x86_64.rpmseamonkey-mail-1.0.9-51.el4_8.i386.rpmseamonkey-mail-1.0.9-51.el4_8.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo