Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Thu, 29 Sep 2011 10:43:48 -0500 Reply-To: Pat RieheckySender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Security ERRATA Critical: seamonkey on SL4.x i386/x86_64 MIME-Version: 1.0 Synopsis: Critical: seamonkey security update Issue Date: 2011-09-28 CVE Numbers: CVE-2011-2999 CVE-2011-2998 SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. (CVE-2011-2999) An integer underflow flaw was found in the way SeaMonkey handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2998) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. SL4: i386 seamonkey-1.0.9-76.el4.i386.rpm seamonkey-mail-1.0.9-76.el4.i386.rpm seamonkey-js-debugger-1.0.9-76.el4.i386.rpm seamonkey-dom-inspector-1.0.9-76.el4.i386.rpm seamonkey-devel-1.0.9-76.el4.i386.rpm seamonkey-debuginfo-1.0.9-76.el4.i386.rpm seamonkey-chat-1.0.9-76.el4.i386.rpm x86_64 seamonkey-js-debugger-1.0.9-76.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-76.el4.x86_64.rpm seamonkey-devel-1.0.9-76.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-76.el4.x86_64.rpm seamonkey-chat-1.0.9-76.el4.x86_64.rpm seamonkey-1.0.9-76.el4.x86_64.rpm seamonkey-mail-1.0.9-76.el4.x86_64.rpm - Scientific Linux Development Team