seamonkey (SL4)

By Scientific Linux Team on April 29, 2011

Synopsis: Critical: seamonkey security update
Issue Date: 2011-04-28
CVE Numbers: CVE-2011-0078
CVE-2011-0077
CVE-2011-0075
CVE-2011-0074
CVE-2011-0073
CVE-2011-0072
CVE-2011-0080

SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could possibly lead to arbitrary code
execution with the privileges of the user running SeaMonkey.
(CVE-2011-0080)

An arbitrary memory write flaw was found in the way SeaMonkey handled
out-of-memory conditions. If all memory was consumed when a user visited a
malicious web page, it could possibly lead to arbitrary code execution
with the privileges of the user running SeaMonkey. (CVE-2011-0078)

An integer overflow flaw was found in the way SeaMonkey handled the HTML
frameset tag. A web page with a frameset tag containing large values for
the “rows” and “cols” attributes could trigger this flaw, possibly leading
to arbitrary code execution with the privileges of the user running
SeaMonkey. (CVE-2011-0077)

A flaw was found in the way SeaMonkey handled the HTML iframe tag. A web
page with an iframe tag containing a specially-crafted source address could
trigger this flaw, possibly leading to arbitrary code execution with the
privileges of the user running SeaMonkey. (CVE-2011-0075)

A flaw was found in the way SeaMonkey displayed multiple marquee elements.
A malformed HTML document could cause SeaMonkey to execute arbitrary code
with the privileges of the user running SeaMonkey. (CVE-2011-0074)

A flaw was found in the way SeaMonkey handled the nsTreeSelection element.
Malformed content could cause SeaMonkey to execute arbitrary code with the
privileges of the user running SeaMonkey. (CVE-2011-0073)

A use-after-free flaw was found in the way SeaMonkey appended frame and
iframe elements to a DOM tree when the NoScript add-on was enabled.
Malicious HTML content could cause SeaMonkey to execute arbitrary code with
the privileges of the user running SeaMonkey. (CVE-2011-0072)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

SL4
x86_64
seamonkey-1.0.9-70.el4_8.x86_64.rpm
seamonkey-chat-1.0.9-70.el4_8.x86_64.rpm
seamonkey-devel-1.0.9-70.el4_8.x86_64.rpm
seamonkey-dom-inspector-1.0.9-70.el4_8.x86_64.rpm
seamonkey-js-debugger-1.0.9-70.el4_8.x86_64.rpm
seamonkey-mail-1.0.9-70.el4_8.x86_64.rpm
i386
seamonkey-1.0.9-70.el4_8.i386.rpm
seamonkey-chat-1.0.9-70.el4_8.i386.rpm
seamonkey-devel-1.0.9-70.el4_8.i386.rpm
seamonkey-dom-inspector-1.0.9-70.el4_8.i386.rpm
seamonkey-js-debugger-1.0.9-70.el4_8.i386.rpm
seamonkey-mail-1.0.9-70.el4_8.i386.rpm

– Scientific Linux Development Team