Rapid7 Vulnerability & Exploit Database

RHSA-2008:1037: seamonkey security update

Back to Search

RHSA-2008:1037: seamonkey security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
12/17/2008
Created
07/25/2018
Added
02/22/2009
Modified
07/04/2017

Description

SeaMonkey is an open source Web browser, email and newsgroup client, IRCchat client, and HTML editor.Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause SeaMonkey to crash or,potentially, execute arbitrary code as the user running SeaMonkey.(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5504, CVE-2008-5511,CVE-2008-5512, CVE-2008-5513)Several flaws were found in the way malformed content was processed. Awebsite containing specially-crafted content could potentially trick aSeaMonkey user into surrendering sensitive information. (CVE-2008-5503,CVE-2008-5506, CVE-2008-5507)A flaw was found in the way malformed URLs were processed by SeaMonkey.This flaw could prevent various URL sanitization mechanisms from properlyparsing a malicious URL. (CVE-2008-5508)Note: after the errata packages are installed, SeaMonkey must be restartedfor the update to take effect.All SeaMonkey users should upgrade to these updated packages, which containbackported patches to resolve these issues.

Solution(s)

  • redhat-upgrade-seamonkey
  • redhat-upgrade-seamonkey-chat
  • redhat-upgrade-seamonkey-devel
  • redhat-upgrade-seamonkey-dom-inspector
  • redhat-upgrade-seamonkey-js-debugger
  • redhat-upgrade-seamonkey-mail

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;