Rapid7 Vulnerability & Exploit Database

RHSA-2009:1531: seamonkey security update

Back to Search

RHSA-2009:1531: seamonkey security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
10/29/2009
Created
07/25/2018
Added
11/02/2009
Modified
07/04/2017

Description

SeaMonkey is an open source Web browser, email and newsgroup client, IRCchat client, and HTML editor.A flaw was found in the way SeaMonkey creates temporary file names fordownloaded files. If a local attacker knows the name of a file SeaMonkey isgoing to download, they can replace the contents of that file witharbitrary contents. (CVE-2009-3274)A heap-based buffer overflow flaw was found in the SeaMonkey string tofloating point conversion routines. A web page containing maliciousJavaScript could crash SeaMonkey or, potentially, execute arbitrary codewith the privileges of the user running SeaMonkey. (CVE-2009-1563)A flaw was found in the way SeaMonkey handles text selection. A maliciouswebsite may be able to read highlighted text in a different domain (e.g.another website the user is viewing), bypassing the same-origin policy.(CVE-2009-3375)A flaw was found in the way SeaMonkey displays a right-to-left overridecharacter when downloading a file. In these cases, the name displayed inthe title bar differs from the name displayed in the dialog body. Anattacker could use this flaw to trick a user into downloading a file thathas a file name or extension that differs from what the user expected.(CVE-2009-3376)Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause SeaMonkey to crash or,potentially, execute arbitrary code with the privileges of the user runningSeaMonkey. (CVE-2009-3380)All SeaMonkey users should upgrade to these updated packages, which correctthese issues. After installing the update, SeaMonkey must be restarted forthe changes to take effect.

Solution(s)

  • redhat-upgrade-seamonkey
  • redhat-upgrade-seamonkey-chat
  • redhat-upgrade-seamonkey-devel
  • redhat-upgrade-seamonkey-dom-inspector
  • redhat-upgrade-seamonkey-js-debugger
  • redhat-upgrade-seamonkey-mail

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;